last executing test programs: 9.0451768s ago: executing program 0 (id=3868): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, r0, 0x0) 4.572971769s ago: executing program 1 (id=3901): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, &(0x7f0000000000)={{0x6, 0x7}, {0x0, 0xa2b}}, 0x0) read$auto(0x3, 0x0, 0x80) 4.076515481s ago: executing program 0 (id=3907): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r0, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x40000107, 0x2, 0x6}]}) 3.842320505s ago: executing program 1 (id=3909): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) io_uring_setup$auto(0x6, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) close_range$auto(0x2, 0xa, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) 3.574016687s ago: executing program 3 (id=3911): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000fff, 0x8000000008011, 0x3, 0x8000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) fstat$auto(r0, 0x0) r1 = getpid() process_vm_readv$auto(r1, 0x0, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) 3.368018545s ago: executing program 1 (id=3913): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0xa, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x4020ae46, r0) 3.300933354s ago: executing program 0 (id=3914): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_MCAST_FLAGS_PRIV={0x8, 0x27, 0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x24008000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.967408248s ago: executing program 1 (id=3915): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyu3\x00', 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) ioctl$auto(r0, 0x89f0, r0) 2.832680585s ago: executing program 0 (id=3916): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x7, 0x800008000) mseal$auto(0x0, 0x7dda, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0x2, 0xa, 0x1) r1 = bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r0, 0x10000}, 0x10) mmap$auto(0x4000, 0x2009, 0xfffffffffffffff9, 0x8000200008011, r1, 0x8000) 1.980262211s ago: executing program 3 (id=3920): mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) setresgid$auto(0x81, 0x800000a0, 0x8) setgroups$auto(0xc00000000, 0xfffffffffffffffc) setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/lock_policy\x00', 0x82, 0x0) write$auto(r0, 0x0, 0x2) 1.736669829s ago: executing program 3 (id=3922): clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/image_size\x00', 0x181002, 0x0) readv$auto(0x3, &(0x7f0000000600)={0x0, 0x4}, 0x1da) write$auto(0x3, 0x0, 0xfdef) 1.675013806s ago: executing program 1 (id=3923): r0 = socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x40a0ae49, r0) 1.618874237s ago: executing program 2 (id=3924): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x30, 0x0, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x4}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250af4"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 1.607060962s ago: executing program 0 (id=3925): close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/mac802154_hwsim/ieee802154/phy0/index\x00', 0xaa340, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x8e051, r0, 0x0) mmap$auto(0x400000000000, 0x9, 0x8, 0x800000000c812, 0x3, 0x0) 1.490060852s ago: executing program 3 (id=3926): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x1, 0xd, 0xfffffffffffffffb, 0x100000000, 0x2c2, 0x800002017d, 0x4, 0x40, 0xd, 0xd59, 0xfb, 0xff, 0x21, 0x100000005]}, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) recvmmsg$auto(0x3, 0x0, 0x10000, 0x68, 0x0) 1.326836817s ago: executing program 2 (id=3927): socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, 0x0, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b45, r0) 1.262037245s ago: executing program 3 (id=3928): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) fsopen$auto(&(0x7f00000001c0)='nfsd\x00', 0x1) 1.084471013s ago: executing program 2 (id=3929): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000340), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.017083277s ago: executing program 0 (id=3930): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) lsm_get_self_attr$auto(0x8, &(0x7f00000000c0)={0x81, 0x2, 0x7f, 0x94, "4718be0f84b9eef66d480ec3d5a1e9a95c2e38350661302810717a3cc01e5ea0ab151e6419904c9299c6345a762e3fc00a5c4fc5f5d36af2b36354fe94d0fbb49027eb9325366ff54ed480e9ca4e34b3043b8a78c3393e0aa55555a29c6e6f9d1d809385171bde1ca62840aa935a97f9580c0bef7373da765c671093cdf6d8a2ccab18de18e84a0bac0511396923e5fb47f3b879"}, &(0x7f0000000180)=0x9, 0x2) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{0x0, 0x406a33, &(0x7f0000000140)={0x0, 0x7f}, 0x4, 0x0, 0xfff, 0x84}, 0xfffffffb}, 0x7b, 0xdb22, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00'}) r0 = socket(0x2, 0xa, 0x0) sendmmsg$auto(r0, &(0x7f00000000c0)={{&(0x7f0000000000), 0xd1, &(0x7f0000000080)={0x0, 0x5ea}, 0x1, 0x0, 0x1, 0xaf23}, 0x6}, 0x5, 0x1997b23d) 972.64628ms ago: executing program 1 (id=3931): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) 767.694157ms ago: executing program 2 (id=3932): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) io_uring_setup$auto(0xe, &(0x7f0000000100)={0xffffffff, 0x1, 0x0, 0xa4c, 0x7, 0x10, r0, [0x0, 0x1, 0xa], {0x4, 0x6f4, 0x0, 0xff, 0xa, 0x5, 0x130, 0x1ff, 0x3}, {0xd5, 0x0, 0xff, 0x4, 0x4f54, 0x80002, 0x4, 0x6, 0x99a}}) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 528.70576ms ago: executing program 2 (id=3933): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1500, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x400007, 0xde, 0x9b72, 0xffffffffffffffff, 0x0) ioctl$auto_IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, 0x0) 357.909026ms ago: executing program 3 (id=3934): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x48840, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 0s ago: executing program 2 (id=3935): openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x0, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) kernel console output (not intermixed with test programs): yscall_64+0x668/0xf80 [ 371.524811][T12637] ? clear_bhb_loop+0x40/0x90 [ 371.524848][T12637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.524878][T12637] RIP: 0033:0x7f304af9c799 [ 371.524905][T12637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 371.524934][T12637] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 371.524972][T12637] RAX: 0000000000000000 RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 371.524991][T12637] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 371.525008][T12637] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 371.525025][T12637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 371.525042][T12637] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 371.525081][T12637] [ 372.432190][T12660] zswap: compressor û not available [ 372.541086][T12670] pim6reg: entered allmulticast mode [ 374.325364][T12712] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2586'. [ 374.520855][T12716] sd 0:0:1:0: PR command failed: 1026 [ 374.530879][T12716] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 374.543237][T12716] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 375.093811][T12726] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2592'. [ 375.105906][T12726] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2592'. [ 375.841690][T12750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2602'. [ 376.354795][T12760] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2605'. [ 377.956674][T12792] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2617'. [ 378.919829][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.926246][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.662333][T12823] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2634'. [ 379.683483][T12823] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2634'. [ 382.332615][T12899] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 382.351693][T12899] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 383.673968][T12925] CIFS: VFS: Invalid SecurityFlags: [ 384.999388][T12953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2671'. [ 385.043884][T12953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2671'. [ 385.459260][T12967] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2677'. [ 386.800877][T12992] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2686'. [ 388.107891][T13023] zswap: compressor not available [ 388.491308][T13037] process 'syz.2.2701' launched ':,' with NULL argv: empty string added [ 388.519905][T13037] ERROR: Out of memory at tomoyo_memory_ok. [ 388.534888][T13037] ERROR: Domain ' /sbin/init /etc/init.d/rcS /etc/init.d/S50sshd /sbin/start-stop-daemon /usr/sbin/sshd /usr/libexec/sshd-session /bin/sh /root/syz-executor /root/syz-executor /newroot/274/:,' not defined. [ 389.738482][T13068] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2712'. [ 392.525377][T13125] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2733'. [ 392.948447][T13143] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2742'. [ 393.120230][T13152] netlink: 350 bytes leftover after parsing attributes in process `syz.1.2745'. [ 393.480101][T13162] netlink: 'syz.1.2749': attribute type 1 has an invalid length. [ 393.499479][T13162] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2749'. [ 393.534565][T13163] netlink: 'syz.1.2749': attribute type 1 has an invalid length. [ 393.573284][T13163] netlink: 322 bytes leftover after parsing attributes in process `syz.1.2749'. [ 393.778051][T13165] netlink: 206 bytes leftover after parsing attributes in process `syz.1.2750'. [ 394.113649][T13172] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2761'. [ 394.352562][T13182] netlink: 'syz.0.2756': attribute type 64 has an invalid length. [ 394.360720][T13182] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2756'. [ 399.316784][T13274] CIFS: VFS: Unsupported security flags: 0x110 [ 399.500812][T13277] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2790'. [ 399.937223][ T5145] block nbd2: Receive control failed (result -32) [ 400.214032][T13299] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2799'. [ 401.404041][ T5145] Bluetooth: hci0: unexpected event 0x03 length: 725 > 11 [ 401.713421][T13333] FAULT_INJECTION: forcing a failure. [ 401.713421][T13333] name failslab, interval 1, probability 0, space 0, times 0 [ 401.773228][T13333] CPU: 1 UID: 0 PID: 13333 Comm: syz.0.2810 Tainted: G L syzkaller #0 PREEMPT(full) [ 401.773279][T13333] Tainted: [L]=SOFTLOCKUP [ 401.773290][T13333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 401.773308][T13333] Call Trace: [ 401.773319][T13333] [ 401.773331][T13333] dump_stack_lvl+0x100/0x190 [ 401.773382][T13333] should_fail_ex.cold+0x5/0xa [ 401.773436][T13333] ? tomoyo_init_log+0x1224/0x20c0 [ 401.773606][T13333] should_failslab+0xc2/0x120 [ 401.773643][T13333] __kmalloc_noprof+0xe0/0x850 [ 401.773701][T13333] tomoyo_init_log+0x1224/0x20c0 [ 401.773752][T13333] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.773806][T13333] ? __pfx_tomoyo_init_log+0x10/0x10 [ 401.773862][T13333] tomoyo_write_log2+0x2ed/0xbc0 [ 401.773909][T13333] tomoyo_supervisor+0x15e/0x1340 [ 401.773966][T13333] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 401.774036][T13333] ? kasan_quarantine_put+0x104/0x240 [ 401.774092][T13333] ? tomoyo_check_path_acl+0x141/0x210 [ 401.774155][T13333] ? tomoyo_check_acl+0x1f7/0x410 [ 401.774194][T13333] tomoyo_path_permission+0x270/0x3b0 [ 401.774236][T13333] tomoyo_check_open_permission+0x34d/0x3c0 [ 401.774277][T13333] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 401.774361][T13333] ? do_raw_spin_lock+0x128/0x260 [ 401.774420][T13333] ? path_get+0x61/0x80 [ 401.774460][T13333] tomoyo_file_open+0x6b/0x90 [ 401.774507][T13333] security_file_open+0xb5/0x1e0 [ 401.774570][T13333] do_dentry_open+0x5aa/0x1660 [ 401.774599][T13333] ? security_inode_permission+0xbf/0x250 [ 401.774632][T13333] vfs_open+0x82/0x3f0 [ 401.774666][T13333] path_openat+0x208c/0x31a0 [ 401.774697][T13333] ? futex_unqueue+0x13d/0x2c0 [ 401.774745][T13333] ? stack_depot_save_flags+0x27/0x9d0 [ 401.774837][T13333] ? __pfx_path_openat+0x10/0x10 [ 401.774873][T13333] ? kasan_save_stack+0x3f/0x50 [ 401.774925][T13333] ? kasan_save_stack+0x30/0x50 [ 401.774970][T13333] ? kasan_save_track+0x14/0x30 [ 401.774996][T13333] ? __kasan_slab_alloc+0x89/0x90 [ 401.775024][T13333] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 401.775067][T13333] ? do_getname+0x35/0x390 [ 401.775112][T13333] do_file_open+0x20e/0x430 [ 401.775149][T13333] ? __pfx_do_file_open+0x10/0x10 [ 401.775219][T13333] ? find_held_lock+0x2b/0x80 [ 401.775247][T13333] ? __might_fault+0xc5/0x140 [ 401.775289][T13333] ? __might_fault+0xc5/0x140 [ 401.775337][T13333] file_open_name+0x198/0x3b0 [ 401.775378][T13333] ? __pfx_file_open_name+0x10/0x10 [ 401.775435][T13333] ? do_getname+0x191/0x390 [ 401.775478][T13333] acct_on+0xa4/0x9e0 [ 401.775519][T13333] ? __pfx_acct_on+0x10/0x10 [ 401.775560][T13333] ? bpf_lsm_capable+0x9/0x10 [ 401.775605][T13333] ? security_capable+0x80/0x260 [ 401.775682][T13333] __x64_sys_acct+0x81/0x1e0 [ 401.775723][T13333] ? lockdep_hardirqs_on+0x78/0x100 [ 401.775767][T13333] do_syscall_64+0x106/0xf80 [ 401.775806][T13333] ? clear_bhb_loop+0x40/0x90 [ 401.775840][T13333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.775868][T13333] RIP: 0033:0x7f6f72f9c799 [ 401.775893][T13333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 401.775919][T13333] RSP: 002b:00007f6f73da9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 401.775947][T13333] RAX: ffffffffffffffda RBX: 00007f6f73215fa0 RCX: 00007f6f72f9c799 [ 401.775966][T13333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 401.775983][T13333] RBP: 00007f6f73032c99 R08: 0000000000000000 R09: 0000000000000000 [ 401.775999][T13333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 401.776016][T13333] R13: 00007f6f73216038 R14: 00007f6f73215fa0 R15: 00007ffef0cf7778 [ 401.776057][T13333] [ 402.537943][T13352] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2820'. [ 402.672337][T13357] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2822'. [ 404.561637][T13403] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2838'. [ 405.118701][T13419] mmap: syz.3.2844 (13419) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 405.709459][T13437] netlink: 'syz.3.2854': attribute type 4 has an invalid length. [ 405.733188][T13437] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2854'. [ 405.774009][T13439] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2853'. [ 406.482022][T13455] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 409.358512][T13511] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 409.870085][T13527] sg_write: data in/out 13788/90 bytes for SCSI command 0x0-- guessing data in; [ 409.870085][T13527] program syz.1.2885 not setting count and/or reply_len properly [ 410.664831][T13541] random: crng reseeded on system resumption [ 410.801658][T13543] Unrecognized hibernate image header format! [ 410.819109][T13543] PM: hibernation: Image mismatch: architecture specific data [ 412.230363][T13582] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2905'. [ 412.602677][T13593] netlink: zone id is out of range [ 412.608311][T13593] netlink: zone id is out of range [ 412.626438][T13593] netlink: zone id is out of range [ 412.661548][T13593] netlink: set zone limit has 8 unknown bytes [ 412.737771][T13595] netlink: zone id is out of range [ 412.742957][T13595] netlink: zone id is out of range [ 412.765885][T13595] netlink: zone id is out of range [ 412.771456][T13595] netlink: zone id is out of range [ 412.783666][T13595] netlink: zone id is out of range [ 412.793312][T13595] netlink: zone id is out of range [ 413.176592][T13601] FAULT_INJECTION: forcing a failure. [ 413.176592][T13601] name failslab, interval 1, probability 0, space 0, times 0 [ 413.193083][T13601] CPU: 1 UID: 0 PID: 13601 Comm: syz.1.2913 Tainted: G L syzkaller #0 PREEMPT(full) [ 413.193135][T13601] Tainted: [L]=SOFTLOCKUP [ 413.193147][T13601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 413.193166][T13601] Call Trace: [ 413.193176][T13601] [ 413.193189][T13601] dump_stack_lvl+0x100/0x190 [ 413.193252][T13601] should_fail_ex.cold+0x5/0xa [ 413.193294][T13601] should_failslab+0xc2/0x120 [ 413.193330][T13601] __kvmalloc_node_noprof+0xfa/0xa00 [ 413.193374][T13601] ? open_substream+0x311/0x9e0 [ 413.193508][T13601] ? lockdep_init_map_type+0x5c/0x250 [ 413.193562][T13601] open_substream+0x311/0x9e0 [ 413.193597][T13601] ? lockdep_hardirqs_on+0x78/0x100 [ 413.193653][T13601] rawmidi_open_priv+0x595/0x6f0 [ 413.193707][T13601] snd_rawmidi_open+0x4c9/0xba0 [ 413.193761][T13601] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 413.193808][T13601] ? __pfx_default_wake_function+0x10/0x10 [ 413.193849][T13601] ? kobject_get_unless_zero+0x156/0x200 [ 413.193929][T13601] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 413.193976][T13601] snd_open+0x22d/0x4c0 [ 413.194037][T13601] ? __pfx_snd_open+0x10/0x10 [ 413.194072][T13601] chrdev_open+0x234/0x6a0 [ 413.194106][T13601] ? __pfx_apparmor_file_open+0x10/0x10 [ 413.194178][T13601] ? __pfx_chrdev_open+0x10/0x10 [ 413.194224][T13601] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 413.194270][T13601] do_dentry_open+0x6d8/0x1660 [ 413.194304][T13601] ? __pfx_chrdev_open+0x10/0x10 [ 413.194346][T13601] vfs_open+0x82/0x3f0 [ 413.194388][T13601] path_openat+0x208c/0x31a0 [ 413.194438][T13601] ? __pfx_path_openat+0x10/0x10 [ 413.194488][T13601] do_file_open+0x20e/0x430 [ 413.194528][T13601] ? __pfx_do_file_open+0x10/0x10 [ 413.194595][T13601] ? alloc_fd+0x476/0x790 [ 413.194635][T13601] ? do_getname+0x191/0x390 [ 413.194681][T13601] do_sys_openat2+0x10d/0x1e0 [ 413.194723][T13601] ? __pfx_do_sys_openat2+0x10/0x10 [ 413.194769][T13601] ? __fget_files+0x21f/0x3d0 [ 413.194811][T13601] __x64_sys_openat+0x12d/0x210 [ 413.194854][T13601] ? __pfx___x64_sys_openat+0x10/0x10 [ 413.194912][T13601] do_syscall_64+0x106/0xf80 [ 413.194954][T13601] ? clear_bhb_loop+0x40/0x90 [ 413.194993][T13601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.195023][T13601] RIP: 0033:0x7f304af9c799 [ 413.195052][T13601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 413.195083][T13601] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 413.195114][T13601] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 413.195133][T13601] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 413.195152][T13601] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 413.195170][T13601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.195188][T13601] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 413.195237][T13601] [ 415.484918][T13644] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2927'. [ 416.446988][T13654] netlink: 'syz.0.2936': attribute type 1 has an invalid length. [ 417.169953][T13672] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2937'. [ 418.008360][T13681] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2940'. [ 420.217764][T13734] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2967'. [ 420.380549][T13740] random: crng reseeded on system resumption [ 420.509350][T13743] Unrecognized hibernate image header format! [ 420.533826][T13743] PM: hibernation: Image mismatch: architecture specific data [ 421.104385][T13757] sg_write: data in/out 13788/90 bytes for SCSI command 0x0-- guessing data in; [ 421.104385][T13757] program syz.2.2965 not setting count and/or reply_len properly [ 421.596301][T13765] FAULT_INJECTION: forcing a failure. [ 421.596301][T13765] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 421.616821][T13765] CPU: 1 UID: 0 PID: 13765 Comm: syz.1.2971 Tainted: G L syzkaller #0 PREEMPT(full) [ 421.616875][T13765] Tainted: [L]=SOFTLOCKUP [ 421.616888][T13765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 421.616906][T13765] Call Trace: [ 421.616917][T13765] [ 421.616930][T13765] dump_stack_lvl+0x100/0x190 [ 421.616986][T13765] should_fail_ex.cold+0x5/0xa [ 421.617019][T13765] ? prepare_alloc_pages+0x16d/0x5f0 [ 421.617063][T13765] should_fail_alloc_page+0xeb/0x140 [ 421.617102][T13765] prepare_alloc_pages+0x1f0/0x5f0 [ 421.617146][T13765] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 421.617193][T13765] ? __print_lock_name+0x21/0x80 [ 421.617223][T13765] ? is_bpf_text_address+0x8a/0x1a0 [ 421.617272][T13765] ? is_bpf_text_address+0x8a/0x1a0 [ 421.617322][T13765] ? bpf_ksym_find+0x124/0x1c0 [ 421.617362][T13765] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 421.617435][T13765] ? is_bpf_text_address+0x94/0x1a0 [ 421.617486][T13765] ? kernel_text_address+0x8d/0x100 [ 421.617537][T13765] ? __kernel_text_address+0xd/0x30 [ 421.617586][T13765] ? unwind_get_return_address+0x59/0xa0 [ 421.617624][T13765] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 421.617703][T13765] ? __pfx_stack_trace_save+0x10/0x10 [ 421.617739][T13765] ? stack_depot_save_flags+0x27/0x9d0 [ 421.617783][T13765] ? stack_trace_save+0x8e/0xc0 [ 421.617820][T13765] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 421.617858][T13765] ? policy_nodemask+0xed/0x4f0 [ 421.617899][T13765] alloc_pages_mpol+0x1fb/0x550 [ 421.617937][T13765] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 421.617984][T13765] alloc_pages_noprof+0x131/0x390 [ 421.618022][T13765] kimage_alloc_pages+0x72/0x380 [ 421.618061][T13765] kimage_alloc_control_pages+0x157/0xa20 [ 421.618108][T13765] ? __pfx_kimage_alloc_control_pages+0x10/0x10 [ 421.618156][T13765] do_kexec_load+0x275/0x810 [ 421.618197][T13765] ? __pfx_do_kexec_load+0x10/0x10 [ 421.618237][T13765] ? _copy_from_user+0x59/0xd0 [ 421.618376][T13765] __x64_sys_kexec_load+0x1bf/0x230 [ 421.618418][T13765] do_syscall_64+0x106/0xf80 [ 421.618467][T13765] ? clear_bhb_loop+0x40/0x90 [ 421.618506][T13765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.618539][T13765] RIP: 0033:0x7f304af9c799 [ 421.618568][T13765] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 421.618598][T13765] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6 [ 421.618631][T13765] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 421.618662][T13765] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000005 [ 421.618681][T13765] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 421.618700][T13765] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 421.618718][T13765] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 421.618760][T13765] [ 421.618945][T13765] kexec: Could not allocate control_code_buffer [ 422.337996][T13777] random: crng reseeded on system resumption [ 422.438418][T13780] Unrecognized hibernate image header format! [ 422.460510][T13780] PM: hibernation: Image mismatch: architecture specific data [ 422.971579][T13789] sg_write: data in/out 13788/90 bytes for SCSI command 0x0-- guessing data in; [ 422.971579][T13789] program syz.3.2978 not setting count and/or reply_len properly [ 423.027588][T13792] FAULT_INJECTION: forcing a failure. [ 423.027588][T13792] name fail_futex, interval 1, probability 0, space 0, times 0 [ 423.049247][T13792] CPU: 0 UID: 0 PID: 13792 Comm: syz.2.2980 Tainted: G L syzkaller #0 PREEMPT(full) [ 423.049300][T13792] Tainted: [L]=SOFTLOCKUP [ 423.049310][T13792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 423.049329][T13792] Call Trace: [ 423.049339][T13792] [ 423.049351][T13792] dump_stack_lvl+0x100/0x190 [ 423.049405][T13792] should_fail_ex.cold+0x5/0xa [ 423.049443][T13792] get_futex_key+0x1d2/0x1620 [ 423.049489][T13792] ? __pfx_get_futex_key+0x10/0x10 [ 423.049542][T13792] futex_wake+0xea/0x530 [ 423.049594][T13792] ? __pfx_futex_wake+0x10/0x10 [ 423.049638][T13792] ? trace_kmalloc+0x101/0x130 [ 423.049678][T13792] ? cap_capable+0x107/0x460 [ 423.049779][T13792] ? commit_creds+0x755/0x10e0 [ 423.049834][T13792] do_futex+0x32b/0x350 [ 423.049877][T13792] ? __pfx_do_futex+0x10/0x10 [ 423.049922][T13792] ? __do_sys_capset+0xfb/0x460 [ 423.049959][T13792] __x64_sys_futex+0x34f/0x4d0 [ 423.050004][T13792] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 423.050049][T13792] ? __pfx___x64_sys_futex+0x10/0x10 [ 423.050107][T13792] do_syscall_64+0x106/0xf80 [ 423.050154][T13792] ? clear_bhb_loop+0x40/0x90 [ 423.050194][T13792] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.050226][T13792] RIP: 0033:0x7ff8ebb9c799 [ 423.050252][T13792] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 423.050282][T13792] RSP: 002b:00007ff8ecab60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 423.050314][T13792] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa8 RCX: 00007ff8ebb9c799 [ 423.050334][T13792] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff8ebe15fac [ 423.050353][T13792] RBP: 00007ff8ebe15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 423.050371][T13792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.050389][T13792] R13: 00007ff8ebe16038 R14: 00007ffefcf5c750 R15: 00007ffefcf5c838 [ 423.050431][T13792] [ 423.436392][T13800] FAULT_INJECTION: forcing a failure. [ 423.436392][T13800] name failslab, interval 1, probability 0, space 0, times 0 [ 423.449606][T13800] CPU: 0 UID: 0 PID: 13800 Comm: syz.3.2983 Tainted: G L syzkaller #0 PREEMPT(full) [ 423.449658][T13800] Tainted: [L]=SOFTLOCKUP [ 423.449669][T13800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 423.449687][T13800] Call Trace: [ 423.449699][T13800] [ 423.449711][T13800] dump_stack_lvl+0x100/0x190 [ 423.449767][T13800] should_fail_ex.cold+0x5/0xa [ 423.449807][T13800] should_failslab+0xc2/0x120 [ 423.449843][T13800] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 423.449892][T13800] ? __kernfs_new_node+0xd2/0x960 [ 423.449948][T13800] __kernfs_new_node+0xd2/0x960 [ 423.450000][T13800] ? __pfx___kernfs_new_node+0x10/0x10 [ 423.450056][T13800] ? find_held_lock+0x2b/0x80 [ 423.450087][T13800] ? kernfs_root+0xee/0x2a0 [ 423.450131][T13800] ? kernfs_root+0xee/0x2a0 [ 423.450186][T13800] kernfs_new_node+0x11b/0x1a0 [ 423.450225][T13800] __kernfs_create_file+0x53/0x350 [ 423.450268][T13800] sysfs_add_file_mode_ns+0x207/0x3c0 [ 423.450320][T13800] internal_create_group+0x593/0xf40 [ 423.450376][T13800] ? __pfx_internal_create_group+0x10/0x10 [ 423.450428][T13800] ? kernfs_create_link+0x1bd/0x240 [ 423.450474][T13800] internal_create_groups+0x9d/0x150 [ 423.450546][T13800] device_add+0x71a/0x1950 [ 423.450705][T13800] ? __pfx_device_add+0x10/0x10 [ 423.450744][T13800] ? lockdep_init_map_type+0x5c/0x250 [ 423.450789][T13800] ? __init_waitqueue_head+0xca/0x150 [ 423.450850][T13800] rfkill_register+0x1ad/0xb30 [ 423.450935][T13800] nfc_register_device+0x11f/0x3e0 [ 423.451037][T13800] nci_register_device+0x7f1/0xb80 [ 423.451107][T13800] ? __pfx_nci_register_device+0x10/0x10 [ 423.451152][T13800] ? lockdep_init_map_type+0x5c/0x250 [ 423.451203][T13800] virtual_ncidev_open+0x141/0x220 [ 423.451285][T13800] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 423.451329][T13800] misc_open+0x26d/0x450 [ 423.451426][T13800] ? __pfx_misc_open+0x10/0x10 [ 423.451463][T13800] chrdev_open+0x234/0x6a0 [ 423.451497][T13800] ? __pfx_apparmor_file_open+0x10/0x10 [ 423.451560][T13800] ? __pfx_chrdev_open+0x10/0x10 [ 423.451599][T13800] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 423.451644][T13800] do_dentry_open+0x6d8/0x1660 [ 423.451678][T13800] ? __pfx_chrdev_open+0x10/0x10 [ 423.451724][T13800] vfs_open+0x82/0x3f0 [ 423.451774][T13800] path_openat+0x208c/0x31a0 [ 423.451825][T13800] ? __pfx_path_openat+0x10/0x10 [ 423.451877][T13800] do_file_open+0x20e/0x430 [ 423.451915][T13800] ? __pfx_do_file_open+0x10/0x10 [ 423.451981][T13800] ? alloc_fd+0x476/0x790 [ 423.452017][T13800] ? do_getname+0x191/0x390 [ 423.452063][T13800] do_sys_openat2+0x10d/0x1e0 [ 423.452106][T13800] ? __pfx_do_sys_openat2+0x10/0x10 [ 423.452154][T13800] ? __fget_files+0x21f/0x3d0 [ 423.452192][T13800] __x64_sys_openat+0x12d/0x210 [ 423.452237][T13800] ? __pfx___x64_sys_openat+0x10/0x10 [ 423.452300][T13800] do_syscall_64+0x106/0xf80 [ 423.452346][T13800] ? clear_bhb_loop+0x40/0x90 [ 423.452386][T13800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.452419][T13800] RIP: 0033:0x7f5a0b39c799 [ 423.452449][T13800] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 423.452479][T13800] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 423.452519][T13800] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 423.452540][T13800] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 423.452560][T13800] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 423.452579][T13800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.452598][T13800] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 423.452643][T13800] [ 428.432396][T13898] netlink: 'syz.3.3012': attribute type 1 has an invalid length. [ 428.945705][T13907] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3016'. [ 429.801100][T13937] FAULT_INJECTION: forcing a failure. [ 429.801100][T13937] name failslab, interval 1, probability 0, space 0, times 0 [ 429.821109][T13937] CPU: 1 UID: 0 PID: 13937 Comm: syz.2.3026 Tainted: G L syzkaller #0 PREEMPT(full) [ 429.821159][T13937] Tainted: [L]=SOFTLOCKUP [ 429.821170][T13937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 429.821187][T13937] Call Trace: [ 429.821197][T13937] [ 429.821225][T13937] dump_stack_lvl+0x100/0x190 [ 429.821273][T13937] should_fail_ex.cold+0x5/0xa [ 429.821309][T13937] should_failslab+0xc2/0x120 [ 429.821341][T13937] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 429.821382][T13937] ? __anon_vma_prepare+0xae/0x5e0 [ 429.821435][T13937] ? __pfx_filemap_map_pages+0x10/0x10 [ 429.821474][T13937] __anon_vma_prepare+0xae/0x5e0 [ 429.821508][T13937] ? find_held_lock+0x2b/0x80 [ 429.821541][T13937] ? __pfx_filemap_map_pages+0x10/0x10 [ 429.821581][T13937] __vmf_anon_prepare+0x11f/0x250 [ 429.821616][T13937] do_fault+0x152/0x1990 [ 429.821649][T13937] ? __pmd_alloc+0x3fb/0x950 [ 429.821686][T13937] __handle_mm_fault+0x180f/0x2b60 [ 429.821730][T13937] ? mt_find+0x45e/0x8e0 [ 429.821760][T13937] ? __pfx___handle_mm_fault+0x10/0x10 [ 429.821795][T13937] ? __pfx_mt_find+0x10/0x10 [ 429.821854][T13937] handle_mm_fault+0x36d/0xa20 [ 429.821898][T13937] __get_user_pages+0xf9c/0x34d0 [ 429.821947][T13937] ? __pfx___get_user_pages+0x10/0x10 [ 429.821992][T13937] populate_vma_page_range+0x267/0x3f0 [ 429.822031][T13937] ? __pfx_populate_vma_page_range+0x10/0x10 [ 429.822065][T13937] ? __pfx_find_vma_intersection+0x10/0x10 [ 429.822101][T13937] ? do_mmap+0x93f/0x12f0 [ 429.822141][T13937] __mm_populate+0x107/0x3a0 [ 429.822180][T13937] ? __pfx___mm_populate+0x10/0x10 [ 429.822219][T13937] ? up_write+0x290/0x4f0 [ 429.822269][T13937] vm_mmap_pgoff+0x37f/0x470 [ 429.822312][T13937] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 429.822346][T13937] ? __fget_files+0x215/0x3d0 [ 429.822385][T13937] ? __fget_files+0x21f/0x3d0 [ 429.822433][T13937] ksys_mmap_pgoff+0x3c8/0x650 [ 429.822467][T13937] ? __x64_sys_futex+0x34f/0x4d0 [ 429.822508][T13937] ? __x64_sys_futex+0x358/0x4d0 [ 429.822548][T13937] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 429.822582][T13937] ? xfd_validate_state+0x129/0x190 [ 429.822637][T13937] __x64_sys_mmap+0x125/0x190 [ 429.822687][T13937] do_syscall_64+0x106/0xf80 [ 429.822728][T13937] ? clear_bhb_loop+0x40/0x90 [ 429.822763][T13937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.822792][T13937] RIP: 0033:0x7ff8ebb9c799 [ 429.822816][T13937] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 429.822844][T13937] RSP: 002b:00007ff8ecab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 429.822874][T13937] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa0 RCX: 00007ff8ebb9c799 [ 429.822894][T13937] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 429.822910][T13937] RBP: 00007ff8ebc32c99 R08: 0000000000000003 R09: 0000000000008000 [ 429.822928][T13937] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 429.822946][T13937] R13: 00007ff8ebe16038 R14: 00007ff8ebe15fa0 R15: 00007ffefcf5c838 [ 429.822989][T13937] [ 431.075175][T13973] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3037'. [ 431.356534][T13970] netlink: 74 bytes leftover after parsing attributes in process `syz.1.3036'. [ 431.426108][T13978] ERROR: Out of memory at tomoyo_memory_ok. [ 431.444701][T13986] ERROR: Out of memory at tomoyo_memory_ok. [ 431.699579][T13995] FAULT_INJECTION: forcing a failure. [ 431.699579][T13995] name failslab, interval 1, probability 0, space 0, times 0 [ 431.763300][T13995] CPU: 0 UID: 0 PID: 13995 Comm: syz.1.3042 Tainted: G L syzkaller #0 PREEMPT(full) [ 431.763352][T13995] Tainted: [L]=SOFTLOCKUP [ 431.763364][T13995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 431.763383][T13995] Call Trace: [ 431.763393][T13995] [ 431.763405][T13995] dump_stack_lvl+0x100/0x190 [ 431.763470][T13995] should_fail_ex.cold+0x5/0xa [ 431.763509][T13995] should_failslab+0xc2/0x120 [ 431.763544][T13995] __kmalloc_cache_noprof+0x7a/0x6f0 [ 431.763587][T13995] ? __vb2_init_fileio+0x18f/0x1000 [ 431.763743][T13995] ? trace_contention_end+0x140/0x180 [ 431.763793][T13995] __vb2_init_fileio+0x18f/0x1000 [ 431.763830][T13995] ? vb2_fop_read+0xe5/0x520 [ 431.763861][T13995] ? aa_file_perm+0x7f3/0x14d0 [ 431.763916][T13995] __vb2_perform_fileio+0x91e/0x1380 [ 431.763965][T13995] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 431.764002][T13995] ? __pfx___might_resched+0x10/0x10 [ 431.764062][T13995] vb2_fop_read+0x211/0x520 [ 431.764103][T13995] v4l2_read+0x229/0x2c0 [ 431.764166][T13995] ? __pfx_v4l2_read+0x10/0x10 [ 431.764197][T13995] vfs_read+0x1e4/0xb30 [ 431.764233][T13995] ? __pfx_vfs_read+0x10/0x10 [ 431.764260][T13995] ? find_held_lock+0x2b/0x80 [ 431.764291][T13995] ? __fget_files+0x215/0x3d0 [ 431.764322][T13995] ? __fget_files+0x215/0x3d0 [ 431.764361][T13995] ? __fget_files+0x21f/0x3d0 [ 431.764405][T13995] ksys_read+0x12a/0x250 [ 431.764442][T13995] ? __pfx_ksys_read+0x10/0x10 [ 431.764481][T13995] do_syscall_64+0x106/0xf80 [ 431.764523][T13995] ? clear_bhb_loop+0x40/0x90 [ 431.764556][T13995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.764585][T13995] RIP: 0033:0x7f304af9c799 [ 431.764611][T13995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 431.764637][T13995] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 431.764666][T13995] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 431.764686][T13995] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000003 [ 431.764701][T13995] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 431.764718][T13995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.764736][T13995] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 431.764775][T13995] [ 433.747136][T14022] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3051'. [ 434.944137][T14048] FAULT_INJECTION: forcing a failure. [ 434.944137][T14048] name fail_futex, interval 1, probability 0, space 0, times 0 [ 434.976141][T14048] CPU: 1 UID: 0 PID: 14048 Comm: syz.2.3062 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.976189][T14048] Tainted: [L]=SOFTLOCKUP [ 434.976198][T14048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 434.976213][T14048] Call Trace: [ 434.976222][T14048] [ 434.976232][T14048] dump_stack_lvl+0x100/0x190 [ 434.976284][T14048] should_fail_ex.cold+0x5/0xa [ 434.976317][T14048] get_futex_key+0x1d2/0x1620 [ 434.976358][T14048] ? __pfx_get_futex_key+0x10/0x10 [ 434.976391][T14048] ? is_bpf_text_address+0x94/0x1a0 [ 434.976446][T14048] ? kernel_text_address+0x8d/0x100 [ 434.976492][T14048] ? __kernel_text_address+0xd/0x30 [ 434.976536][T14048] ? unwind_get_return_address+0x59/0xa0 [ 434.976576][T14048] futex_wait_setup+0x83/0x510 [ 434.976638][T14048] __futex_wait+0x19f/0x300 [ 434.976693][T14048] ? __pfx___futex_wait+0x10/0x10 [ 434.976750][T14048] ? __pfx_futex_wake_mark+0x10/0x10 [ 434.976806][T14048] ? futex_hash+0x2c5/0x380 [ 434.976858][T14048] futex_wait+0xed/0x380 [ 434.976909][T14048] ? __pfx_futex_wait+0x10/0x10 [ 434.976954][T14048] ? find_held_lock+0x2b/0x80 [ 434.976998][T14048] ? __lock_acquire+0x4a5/0x2630 [ 434.977043][T14048] do_futex+0x1ef/0x350 [ 434.977087][T14048] ? __pfx_do_futex+0x10/0x10 [ 434.977142][T14048] __x64_sys_futex+0x34f/0x4d0 [ 434.977191][T14048] ? __pfx___x64_sys_futex+0x10/0x10 [ 434.977251][T14048] do_syscall_64+0x106/0xf80 [ 434.977300][T14048] ? clear_bhb_loop+0x40/0x90 [ 434.977340][T14048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.977374][T14048] RIP: 0033:0x7ff8ebb9c799 [ 434.977401][T14048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.977442][T14048] RSP: 002b:00007ff8ecab60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 434.977475][T14048] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa8 RCX: 00007ff8ebb9c799 [ 434.977494][T14048] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ff8ebe15fa8 [ 434.977511][T14048] RBP: 00007ff8ebe15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 434.977528][T14048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.977545][T14048] R13: 00007ff8ebe16038 R14: 00007ffefcf5c750 R15: 00007ffefcf5c838 [ 434.977585][T14048] [ 435.845345][T14063] ubi0: attaching mtd0 [ 435.851915][T14063] ubi0: scanning is finished [ 435.881385][T14063] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 435.918282][T14067] FAULT_INJECTION: forcing a failure. [ 435.918282][T14067] name failslab, interval 1, probability 0, space 0, times 0 [ 435.947265][T14067] CPU: 0 UID: 0 PID: 14067 Comm: syz.1.3070 Tainted: G L syzkaller #0 PREEMPT(full) [ 435.947322][T14067] Tainted: [L]=SOFTLOCKUP [ 435.947334][T14067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 435.947354][T14067] Call Trace: [ 435.947365][T14067] [ 435.947378][T14067] dump_stack_lvl+0x100/0x190 [ 435.947444][T14067] should_fail_ex.cold+0x5/0xa [ 435.947485][T14067] should_failslab+0xc2/0x120 [ 435.947523][T14067] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 435.947573][T14067] ? __anon_vma_prepare+0xae/0x5e0 [ 435.947626][T14067] ? __pfx_filemap_map_pages+0x10/0x10 [ 435.947675][T14067] __anon_vma_prepare+0xae/0x5e0 [ 435.947718][T14067] ? find_held_lock+0x2b/0x80 [ 435.947755][T14067] ? __pfx_filemap_map_pages+0x10/0x10 [ 435.947803][T14067] __vmf_anon_prepare+0x11f/0x250 [ 435.947845][T14067] do_fault+0x152/0x1990 [ 435.947882][T14067] ? __pmd_alloc+0x3fb/0x950 [ 435.947924][T14067] __handle_mm_fault+0x180f/0x2b60 [ 435.947977][T14067] ? mt_find+0x45e/0x8e0 [ 435.948011][T14067] ? __pfx___handle_mm_fault+0x10/0x10 [ 435.948054][T14067] ? __pfx_mt_find+0x10/0x10 [ 435.948121][T14067] handle_mm_fault+0x36d/0xa20 [ 435.948175][T14067] __get_user_pages+0xf9c/0x34d0 [ 435.948224][T14067] ? __pfx___get_user_pages+0x10/0x10 [ 435.948269][T14067] populate_vma_page_range+0x267/0x3f0 [ 435.948306][T14067] ? __pfx_populate_vma_page_range+0x10/0x10 [ 435.948341][T14067] ? __pfx_find_vma_intersection+0x10/0x10 [ 435.948375][T14067] ? do_mmap+0x93f/0x12f0 [ 435.948438][T14067] __mm_populate+0x107/0x3a0 [ 435.948470][T14067] ? __pfx___mm_populate+0x10/0x10 [ 435.948503][T14067] ? up_write+0x290/0x4f0 [ 435.948542][T14067] vm_mmap_pgoff+0x37f/0x470 [ 435.948575][T14067] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 435.948602][T14067] ? __fget_files+0x215/0x3d0 [ 435.948632][T14067] ? __fget_files+0x21f/0x3d0 [ 435.948661][T14067] ksys_mmap_pgoff+0x3c8/0x650 [ 435.948688][T14067] ? __x64_sys_futex+0x34f/0x4d0 [ 435.948718][T14067] ? __x64_sys_futex+0x358/0x4d0 [ 435.948751][T14067] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 435.948777][T14067] ? xfd_validate_state+0x129/0x190 [ 435.948819][T14067] __x64_sys_mmap+0x125/0x190 [ 435.948859][T14067] do_syscall_64+0x106/0xf80 [ 435.948895][T14067] ? clear_bhb_loop+0x40/0x90 [ 435.948925][T14067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.948949][T14067] RIP: 0033:0x7f304af9c799 [ 435.948970][T14067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.948993][T14067] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 435.949017][T14067] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 435.949033][T14067] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 435.949048][T14067] RBP: 00007f304b032c99 R08: 0000000000000003 R09: 0000000000008000 [ 435.949064][T14067] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 435.949079][T14067] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 435.949113][T14067] [ 436.626004][T14063] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 437.177948][T14086] FAULT_INJECTION: forcing a failure. [ 437.177948][T14086] name failslab, interval 1, probability 0, space 0, times 0 [ 437.234780][T14086] CPU: 1 UID: 0 PID: 14086 Comm: syz.2.3074 Tainted: G L syzkaller #0 PREEMPT(full) [ 437.234830][T14086] Tainted: [L]=SOFTLOCKUP [ 437.234840][T14086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 437.234859][T14086] Call Trace: [ 437.234870][T14086] [ 437.234891][T14086] dump_stack_lvl+0x100/0x190 [ 437.234948][T14086] should_fail_ex.cold+0x5/0xa [ 437.234993][T14086] should_failslab+0xc2/0x120 [ 437.235028][T14086] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 437.235077][T14086] ? __kernfs_new_node+0xd2/0x960 [ 437.235129][T14086] __kernfs_new_node+0xd2/0x960 [ 437.235178][T14086] ? __pfx___kernfs_new_node+0x10/0x10 [ 437.235234][T14086] ? find_held_lock+0x2b/0x80 [ 437.235265][T14086] ? kernfs_root+0xee/0x2a0 [ 437.235308][T14086] ? kernfs_root+0xee/0x2a0 [ 437.235363][T14086] kernfs_new_node+0x11b/0x1a0 [ 437.235399][T14086] __kernfs_create_file+0x53/0x350 [ 437.235439][T14086] sysfs_add_file_mode_ns+0x207/0x3c0 [ 437.235492][T14086] internal_create_group+0x593/0xf40 [ 437.235548][T14086] ? __pfx_internal_create_group+0x10/0x10 [ 437.235601][T14086] ? kernfs_create_link+0x1bd/0x240 [ 437.235642][T14086] internal_create_groups+0x9d/0x150 [ 437.235690][T14086] device_add+0x71a/0x1950 [ 437.235749][T14086] ? __pfx_device_add+0x10/0x10 [ 437.235787][T14086] ? lockdep_init_map_type+0x5c/0x250 [ 437.235830][T14086] ? __init_waitqueue_head+0xca/0x150 [ 437.235891][T14086] rfkill_register+0x1ad/0xb30 [ 437.235931][T14086] nfc_register_device+0x11f/0x3e0 [ 437.235978][T14086] nci_register_device+0x7f1/0xb80 [ 437.236016][T14086] ? __pfx_nci_register_device+0x10/0x10 [ 437.236060][T14086] ? lockdep_init_map_type+0x5c/0x250 [ 437.236110][T14086] virtual_ncidev_open+0x141/0x220 [ 437.236156][T14086] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 437.236199][T14086] misc_open+0x26d/0x450 [ 437.236237][T14086] ? __pfx_misc_open+0x10/0x10 [ 437.236273][T14086] chrdev_open+0x234/0x6a0 [ 437.236303][T14086] ? __pfx_apparmor_file_open+0x10/0x10 [ 437.236334][T14086] ? __pfx_chrdev_open+0x10/0x10 [ 437.236367][T14086] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 437.236409][T14086] do_dentry_open+0x6d8/0x1660 [ 437.236439][T14086] ? __pfx_chrdev_open+0x10/0x10 [ 437.236480][T14086] vfs_open+0x82/0x3f0 [ 437.236520][T14086] path_openat+0x208c/0x31a0 [ 437.236565][T14086] ? __pfx_path_openat+0x10/0x10 [ 437.236611][T14086] do_file_open+0x20e/0x430 [ 437.236643][T14086] ? __pfx_do_file_open+0x10/0x10 [ 437.236704][T14086] ? alloc_fd+0x476/0x790 [ 437.236738][T14086] ? do_getname+0x191/0x390 [ 437.236775][T14086] do_sys_openat2+0x10d/0x1e0 [ 437.236812][T14086] ? __pfx_do_sys_openat2+0x10/0x10 [ 437.236851][T14086] ? __fget_files+0x21f/0x3d0 [ 437.236896][T14086] __x64_sys_openat+0x12d/0x210 [ 437.236934][T14086] ? __pfx___x64_sys_openat+0x10/0x10 [ 437.236987][T14086] do_syscall_64+0x106/0xf80 [ 437.237029][T14086] ? clear_bhb_loop+0x40/0x90 [ 437.237065][T14086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.237095][T14086] RIP: 0033:0x7ff8ebb9c799 [ 437.237123][T14086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 437.237149][T14086] RSP: 002b:00007ff8ecab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 437.237179][T14086] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa0 RCX: 00007ff8ebb9c799 [ 437.237198][T14086] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 437.237216][T14086] RBP: 00007ff8ebc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 437.237233][T14086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.237249][T14086] R13: 00007ff8ebe16038 R14: 00007ff8ebe15fa0 R15: 00007ffefcf5c838 [ 437.237291][T14086] [ 437.906418][T14093] netlink: 302 bytes leftover after parsing attributes in process `syz.3.3077'. [ 438.049092][T14102] FAULT_INJECTION: forcing a failure. [ 438.049092][T14102] name fail_futex, interval 1, probability 0, space 0, times 0 [ 438.067575][T14102] CPU: 0 UID: 0 PID: 14102 Comm: syz.0.3080 Tainted: G L syzkaller #0 PREEMPT(full) [ 438.067625][T14102] Tainted: [L]=SOFTLOCKUP [ 438.067636][T14102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 438.067654][T14102] Call Trace: [ 438.067665][T14102] [ 438.067677][T14102] dump_stack_lvl+0x100/0x190 [ 438.067730][T14102] should_fail_ex.cold+0x5/0xa [ 438.067769][T14102] get_futex_key+0x1d2/0x1620 [ 438.067815][T14102] ? __pfx_get_futex_key+0x10/0x10 [ 438.067862][T14102] ? is_bpf_text_address+0x94/0x1a0 [ 438.067911][T14102] ? kernel_text_address+0x8d/0x100 [ 438.067957][T14102] ? __kernel_text_address+0xd/0x30 [ 438.068001][T14102] ? unwind_get_return_address+0x59/0xa0 [ 438.068041][T14102] futex_wait_setup+0x83/0x510 [ 438.068097][T14102] __futex_wait+0x19f/0x300 [ 438.068146][T14102] ? __pfx___futex_wait+0x10/0x10 [ 438.068200][T14102] ? __pfx_futex_wake_mark+0x10/0x10 [ 438.068263][T14102] ? futex_hash+0x2c5/0x380 [ 438.068314][T14102] futex_wait+0xed/0x380 [ 438.068363][T14102] ? __pfx_futex_wait+0x10/0x10 [ 438.068417][T14102] ? find_held_lock+0x2b/0x80 [ 438.068455][T14102] ? __lock_acquire+0x4a5/0x2630 [ 438.068496][T14102] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 438.068616][T14102] ? __debug_object_init+0x2de/0x3d0 [ 438.068678][T14102] do_futex+0x1ef/0x350 [ 438.068721][T14102] ? __pfx_do_futex+0x10/0x10 [ 438.068762][T14102] ? do_raw_spin_lock+0x128/0x260 [ 438.068810][T14102] ? find_held_lock+0x2b/0x80 [ 438.068847][T14102] ? set_task_ioprio+0x2da/0x670 [ 438.068934][T14102] __x64_sys_futex+0x34f/0x4d0 [ 438.068982][T14102] ? __pfx___x64_sys_futex+0x10/0x10 [ 438.069045][T14102] do_syscall_64+0x106/0xf80 [ 438.069090][T14102] ? clear_bhb_loop+0x40/0x90 [ 438.069130][T14102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.069163][T14102] RIP: 0033:0x7f6f72f9c799 [ 438.069190][T14102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 438.069220][T14102] RSP: 002b:00007f6f73da90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 438.069250][T14102] RAX: ffffffffffffffda RBX: 00007f6f73215fa8 RCX: 00007f6f72f9c799 [ 438.069271][T14102] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6f73215fa8 [ 438.069290][T14102] RBP: 00007f6f73215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 438.069308][T14102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.069324][T14102] R13: 00007f6f73216038 R14: 00007ffef0cf7690 R15: 00007ffef0cf7778 [ 438.069365][T14102] [ 438.670322][T14108] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3083'. [ 438.726685][T14112] openvswitch: HfR: Dropping previously announced user features [ 438.771344][T14112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3084'. [ 438.785055][T14112] HfR: left promiscuous mode [ 438.945421][T14119] FAULT_INJECTION: forcing a failure. [ 438.945421][T14119] name failslab, interval 1, probability 0, space 0, times 0 [ 438.961030][T14119] CPU: 1 UID: 0 PID: 14119 Comm: syz.3.3089 Tainted: G L syzkaller #0 PREEMPT(full) [ 438.961083][T14119] Tainted: [L]=SOFTLOCKUP [ 438.961094][T14119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 438.961113][T14119] Call Trace: [ 438.961124][T14119] [ 438.961136][T14119] dump_stack_lvl+0x100/0x190 [ 438.961192][T14119] should_fail_ex.cold+0x5/0xa [ 438.961230][T14119] should_failslab+0xc2/0x120 [ 438.961267][T14119] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 438.961315][T14119] ? __anon_vma_prepare+0xae/0x5e0 [ 438.961379][T14119] ? __pfx_filemap_map_pages+0x10/0x10 [ 438.961426][T14119] __anon_vma_prepare+0xae/0x5e0 [ 438.961468][T14119] ? find_held_lock+0x2b/0x80 [ 438.961504][T14119] ? __pfx_filemap_map_pages+0x10/0x10 [ 438.961549][T14119] __vmf_anon_prepare+0x11f/0x250 [ 438.961590][T14119] do_fault+0x152/0x1990 [ 438.961625][T14119] ? __pmd_alloc+0x3fb/0x950 [ 438.961667][T14119] __handle_mm_fault+0x180f/0x2b60 [ 438.961717][T14119] ? mt_find+0x45e/0x8e0 [ 438.961750][T14119] ? __pfx___handle_mm_fault+0x10/0x10 [ 438.961790][T14119] ? __pfx_mt_find+0x10/0x10 [ 438.961854][T14119] handle_mm_fault+0x36d/0xa20 [ 438.961906][T14119] __get_user_pages+0xf9c/0x34d0 [ 438.961960][T14119] ? __pfx___get_user_pages+0x10/0x10 [ 438.962007][T14119] populate_vma_page_range+0x267/0x3f0 [ 438.962049][T14119] ? __pfx_populate_vma_page_range+0x10/0x10 [ 438.962087][T14119] ? __pfx_find_vma_intersection+0x10/0x10 [ 438.962124][T14119] ? do_mmap+0x93f/0x12f0 [ 438.962166][T14119] __mm_populate+0x107/0x3a0 [ 438.962208][T14119] ? __pfx___mm_populate+0x10/0x10 [ 438.962250][T14119] ? up_write+0x290/0x4f0 [ 438.962301][T14119] vm_mmap_pgoff+0x37f/0x470 [ 438.962345][T14119] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 438.962387][T14119] ? __fget_files+0x215/0x3d0 [ 438.962427][T14119] ? __fget_files+0x21f/0x3d0 [ 438.962467][T14119] ksys_mmap_pgoff+0x3c8/0x650 [ 438.962502][T14119] ? __x64_sys_futex+0x34f/0x4d0 [ 438.962544][T14119] ? __x64_sys_futex+0x358/0x4d0 [ 438.962587][T14119] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 438.962622][T14119] ? xfd_validate_state+0x129/0x190 [ 438.962677][T14119] __x64_sys_mmap+0x125/0x190 [ 438.962728][T14119] do_syscall_64+0x106/0xf80 [ 438.962774][T14119] ? clear_bhb_loop+0x40/0x90 [ 438.962814][T14119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.962847][T14119] RIP: 0033:0x7f5a0b39c799 [ 438.962874][T14119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 438.962902][T14119] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 438.962931][T14119] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 438.962951][T14119] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 438.962972][T14119] RBP: 00007f5a0b432c99 R08: 0000000000000003 R09: 0000000000008000 [ 438.962989][T14119] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 438.963005][T14119] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 438.963044][T14119] [ 439.488059][T14130] FAULT_INJECTION: forcing a failure. [ 439.488059][T14130] name failslab, interval 1, probability 0, space 0, times 0 [ 439.541888][T14130] CPU: 0 UID: 0 PID: 14130 Comm: syz.0.3088 Tainted: G L syzkaller #0 PREEMPT(full) [ 439.541940][T14130] Tainted: [L]=SOFTLOCKUP [ 439.541951][T14130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 439.541970][T14130] Call Trace: [ 439.541980][T14130] [ 439.541993][T14130] dump_stack_lvl+0x100/0x190 [ 439.542046][T14130] should_fail_ex.cold+0x5/0xa [ 439.542086][T14130] should_failslab+0xc2/0x120 [ 439.542129][T14130] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 439.542177][T14130] ? __kernfs_new_node+0xd2/0x960 [ 439.542242][T14130] __kernfs_new_node+0xd2/0x960 [ 439.542293][T14130] ? __pfx___kernfs_new_node+0x10/0x10 [ 439.542351][T14130] ? find_held_lock+0x2b/0x80 [ 439.542382][T14130] ? kernfs_root+0xee/0x2a0 [ 439.542421][T14130] ? kernfs_root+0xee/0x2a0 [ 439.542469][T14130] kernfs_new_node+0x11b/0x1a0 [ 439.542505][T14130] __kernfs_create_file+0x53/0x350 [ 439.542544][T14130] sysfs_add_file_mode_ns+0x207/0x3c0 [ 439.542596][T14130] internal_create_group+0x593/0xf40 [ 439.542666][T14130] ? __pfx_internal_create_group+0x10/0x10 [ 439.542716][T14130] ? kernfs_create_link+0x1bd/0x240 [ 439.542763][T14130] internal_create_groups+0x9d/0x150 [ 439.542814][T14130] device_add+0x71a/0x1950 [ 439.542860][T14130] ? __pfx_device_add+0x10/0x10 [ 439.542897][T14130] ? lockdep_init_map_type+0x5c/0x250 [ 439.542942][T14130] ? __init_waitqueue_head+0xca/0x150 [ 439.542996][T14130] rfkill_register+0x1ad/0xb30 [ 439.543035][T14130] nfc_register_device+0x11f/0x3e0 [ 439.543079][T14130] nci_register_device+0x7f1/0xb80 [ 439.543118][T14130] ? __pfx_nci_register_device+0x10/0x10 [ 439.543161][T14130] ? lockdep_init_map_type+0x5c/0x250 [ 439.543219][T14130] virtual_ncidev_open+0x141/0x220 [ 439.543265][T14130] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 439.543309][T14130] misc_open+0x26d/0x450 [ 439.543346][T14130] ? __pfx_misc_open+0x10/0x10 [ 439.543382][T14130] chrdev_open+0x234/0x6a0 [ 439.543416][T14130] ? __pfx_apparmor_file_open+0x10/0x10 [ 439.543450][T14130] ? __pfx_chrdev_open+0x10/0x10 [ 439.543487][T14130] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 439.543532][T14130] do_dentry_open+0x6d8/0x1660 [ 439.543564][T14130] ? __pfx_chrdev_open+0x10/0x10 [ 439.543606][T14130] vfs_open+0x82/0x3f0 [ 439.543653][T14130] path_openat+0x208c/0x31a0 [ 439.543723][T14130] ? __pfx_path_openat+0x10/0x10 [ 439.543778][T14130] do_file_open+0x20e/0x430 [ 439.543815][T14130] ? __pfx_do_file_open+0x10/0x10 [ 439.543873][T14130] ? alloc_fd+0x476/0x790 [ 439.543912][T14130] ? do_getname+0x191/0x390 [ 439.543957][T14130] do_sys_openat2+0x10d/0x1e0 [ 439.544000][T14130] ? __pfx_do_sys_openat2+0x10/0x10 [ 439.544045][T14130] ? __fget_files+0x21f/0x3d0 [ 439.544086][T14130] __x64_sys_openat+0x12d/0x210 [ 439.544130][T14130] ? __pfx___x64_sys_openat+0x10/0x10 [ 439.544191][T14130] do_syscall_64+0x106/0xf80 [ 439.544246][T14130] ? clear_bhb_loop+0x40/0x90 [ 439.544286][T14130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.544319][T14130] RIP: 0033:0x7f6f72f9c799 [ 439.544346][T14130] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.544374][T14130] RSP: 002b:00007f6f73da9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 439.544404][T14130] RAX: ffffffffffffffda RBX: 00007f6f73215fa0 RCX: 00007f6f72f9c799 [ 439.544423][T14130] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 439.544441][T14130] RBP: 00007f6f73032c99 R08: 0000000000000000 R09: 0000000000000000 [ 439.544458][T14130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.544474][T14130] R13: 00007f6f73216038 R14: 00007f6f73215fa0 R15: 00007ffef0cf7778 [ 439.544518][T14130] [ 440.351249][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.360073][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.889591][T14168] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input9 [ 442.167429][T14192] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3117'. [ 443.307155][T14218] net_ratelimit: 6 callbacks suppressed [ 443.307186][T14218] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 443.320042][T14218] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 443.560490][T14229] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3132'. [ 443.854071][T14236] No such timeout policy "" [ 443.858957][T14236] netlink: Failed to associated timeout policy '' [ 443.958591][ T29] audit: type=1804 audit(2147483862.010:17): pid=14242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3138" name=2F6E6577726F6F742F3735382F50524F46494C455F56455253494F4E3D32303135303530350A302D434F4D4D454E543D0A302D505245464552454E43453D7B206D61785F61756469745F6C6F673D3332206D61785F6C6561726E696E675F656E7472793D3634207D0A302D434F4E4649473D7B206D6F64653D6C6561726E696E67206772616E745F6C6F673D6E6F2072656A6563745F6C6F673D796573207D0A dev="tmpfs" ino=3865 res=1 errno=0 [ 444.317428][T14255] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3142'. [ 446.193253][T14286] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3153'. [ 446.260043][T14286] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.296808][T14286] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.309160][T14286] bond0 (unregistering): Released all slaves [ 446.661017][T14292] netlink: 302 bytes leftover after parsing attributes in process `syz.0.3155'. [ 447.647362][T14319] FAULT_INJECTION: forcing a failure. [ 447.647362][T14319] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 447.689586][T14319] CPU: 1 UID: 0 PID: 14319 Comm: syz.1.3166 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.689635][T14319] Tainted: [L]=SOFTLOCKUP [ 447.689646][T14319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 447.689661][T14319] Call Trace: [ 447.689671][T14319] [ 447.689682][T14319] dump_stack_lvl+0x100/0x190 [ 447.689733][T14319] should_fail_ex.cold+0x5/0xa [ 447.689764][T14319] ? prepare_alloc_pages+0x16d/0x5f0 [ 447.689802][T14319] should_fail_alloc_page+0xeb/0x140 [ 447.689839][T14319] prepare_alloc_pages+0x1f0/0x5f0 [ 447.689885][T14319] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 447.689949][T14319] ? __lock_acquire+0x4a5/0x2630 [ 447.690004][T14319] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 447.690067][T14319] ? do_raw_spin_lock+0x128/0x260 [ 447.690110][T14319] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 447.690157][T14319] ? find_held_lock+0x2b/0x80 [ 447.690201][T14319] ? __lock_acquire+0x4a5/0x2630 [ 447.690243][T14319] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 447.690280][T14319] ? policy_nodemask+0xed/0x4f0 [ 447.690317][T14319] alloc_pages_mpol+0x1fb/0x550 [ 447.690355][T14319] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 447.690391][T14319] ? __lock_acquire+0x4a5/0x2630 [ 447.690438][T14319] folio_alloc_mpol_noprof+0x36/0x340 [ 447.690482][T14319] shmem_alloc_folio+0x135/0x160 [ 447.690525][T14319] shmem_alloc_and_add_folio+0x371/0xd40 [ 447.690584][T14319] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 447.690635][T14319] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 447.690693][T14319] shmem_get_folio_gfp+0x6ab/0x1900 [ 447.690751][T14319] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 447.690801][T14319] ? filemap_map_pages+0xe69/0x2020 [ 447.690855][T14319] shmem_fault+0x1f9/0xa20 [ 447.690902][T14319] ? __lock_acquire+0x4a5/0x2630 [ 447.690943][T14319] ? __pfx_shmem_fault+0x10/0x10 [ 447.690998][T14319] ? __pfx_filemap_map_pages+0x10/0x10 [ 447.691066][T14319] __do_fault+0x10d/0x550 [ 447.691104][T14319] do_fault+0xabb/0x1990 [ 447.691150][T14319] __handle_mm_fault+0x180f/0x2b60 [ 447.691202][T14319] ? mt_find+0x45e/0x8e0 [ 447.691238][T14319] ? __pfx___handle_mm_fault+0x10/0x10 [ 447.691276][T14319] ? __pfx_mt_find+0x10/0x10 [ 447.691332][T14319] ? find_vma+0xbf/0x140 [ 447.691363][T14319] ? __pfx_find_vma+0x10/0x10 [ 447.691400][T14319] handle_mm_fault+0x36d/0xa20 [ 447.691451][T14319] do_user_addr_fault+0x74c/0x12f0 [ 447.691527][T14319] exc_page_fault+0x6f/0xd0 [ 447.691572][T14319] asm_exc_page_fault+0x26/0x30 [ 447.691602][T14319] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 447.691640][T14319] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 447.691670][T14319] RSP: 0018:ffffc9000543fa40 EFLAGS: 00050206 [ 447.691698][T14319] RAX: 0000000000000001 RBX: ffff888067f20000 RCX: 0000000000001000 [ 447.691717][T14319] RDX: 0000000000000001 RSI: 0000000000004000 RDI: ffff888067f20000 [ 447.691735][T14319] RBP: 0000000000004000 R08: 0000000000000001 R09: ffffed100cfe41ff [ 447.691752][T14319] R10: ffff888067f20fff R11: 0000000000000000 R12: ffffc9000543fd80 [ 447.691771][T14319] R13: 0000000000004000 R14: 0000000000001000 R15: 0000000000000000 [ 447.691812][T14319] _copy_from_iter+0x355/0x1690 [ 447.691859][T14319] ? policy_nodemask+0xed/0x4f0 [ 447.691888][T14319] ? __pfx__copy_from_iter+0x10/0x10 [ 447.691928][T14319] ? alloc_pages_mpol+0x25a/0x550 [ 447.691962][T14319] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 447.692004][T14319] copy_page_from_iter+0xde/0x180 [ 447.692052][T14319] anon_pipe_write+0xae4/0x1d40 [ 447.692097][T14319] ? __pfx_anon_pipe_write+0x10/0x10 [ 447.692129][T14319] ? apparmor_file_permission+0x13f/0x1c0 [ 447.692163][T14319] ? bpf_lsm_file_permission+0x9/0x10 [ 447.692189][T14319] ? security_file_permission+0x76/0x210 [ 447.692226][T14319] ? rw_verify_area+0xce/0x6d0 [ 447.692271][T14319] vfs_write+0x6ac/0x1070 [ 447.692301][T14319] ? __pfx_anon_pipe_write+0x10/0x10 [ 447.692338][T14319] ? __pfx_vfs_write+0x10/0x10 [ 447.692366][T14319] ? find_held_lock+0x2b/0x80 [ 447.692421][T14319] ksys_write+0x1f8/0x250 [ 447.692452][T14319] ? __pfx_ksys_write+0x10/0x10 [ 447.692496][T14319] do_syscall_64+0x106/0xf80 [ 447.692537][T14319] ? clear_bhb_loop+0x40/0x90 [ 447.692575][T14319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.692604][T14319] RIP: 0033:0x7f304af9c799 [ 447.692628][T14319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.692653][T14319] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 447.692678][T14319] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 447.692697][T14319] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 447.692713][T14319] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 447.692730][T14319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.692747][T14319] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 447.692788][T14319] [ 448.245535][T14315] nvme_fabrics: missing parameter 'transport=%s' [ 448.275813][T14325] netlink: 350 bytes leftover after parsing attributes in process `syz.3.3167'. [ 448.282628][T14315] nvme_fabrics: missing parameter 'nqn=%s' [ 448.890268][T14342] random: crng reseeded on system resumption [ 449.150949][T14344] zswap: compressor not available [ 449.165140][T14350] ACPI: button: Initial lid state set to 'ignore' [ 450.092545][T14369] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3185'. [ 450.283513][T14375] FAULT_INJECTION: forcing a failure. [ 450.283513][T14375] name failslab, interval 1, probability 0, space 0, times 0 [ 450.323133][T14375] CPU: 0 UID: 0 PID: 14375 Comm: syz.2.3188 Tainted: G L syzkaller #0 PREEMPT(full) [ 450.323188][T14375] Tainted: [L]=SOFTLOCKUP [ 450.323197][T14375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 450.323215][T14375] Call Trace: [ 450.323225][T14375] [ 450.323237][T14375] dump_stack_lvl+0x100/0x190 [ 450.323292][T14375] should_fail_ex.cold+0x5/0xa [ 450.323332][T14375] should_failslab+0xc2/0x120 [ 450.323368][T14375] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 450.323417][T14375] ? do_fcntl_add_lease+0x9d/0x550 [ 450.323458][T14375] do_fcntl_add_lease+0x9d/0x550 [ 450.323493][T14375] ? __pfx_do_fcntl_add_lease+0x10/0x10 [ 450.323532][T14375] ? __pfx_futex_wait+0x10/0x10 [ 450.323598][T14375] fcntl_setlease+0xfc/0x180 [ 450.323633][T14375] ? __pfx_fcntl_setlease+0x10/0x10 [ 450.323680][T14375] do_fcntl+0x1149/0x1670 [ 450.323725][T14375] ? __pfx_do_fcntl+0x10/0x10 [ 450.323763][T14375] ? __fget_files+0x215/0x3d0 [ 450.323813][T14375] ? tomoyo_file_fcntl+0x6c/0xc0 [ 450.323868][T14375] __x64_sys_fcntl+0x163/0x200 [ 450.323916][T14375] do_syscall_64+0x106/0xf80 [ 450.323961][T14375] ? clear_bhb_loop+0x40/0x90 [ 450.323999][T14375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.324031][T14375] RIP: 0033:0x7ff8ebb9c799 [ 450.324058][T14375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 450.324089][T14375] RSP: 002b:00007ff8ecab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 450.324121][T14375] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa0 RCX: 00007ff8ebb9c799 [ 450.324141][T14375] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000003 [ 450.324160][T14375] RBP: 00007ff8ebc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 450.324179][T14375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.324197][T14375] R13: 00007ff8ebe16038 R14: 00007ff8ebe15fa0 R15: 00007ffefcf5c838 [ 450.324239][T14375] [ 451.038435][T14387] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3193'. [ 451.226863][T14395] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3197'. [ 453.613137][T14442] netlink: 218 bytes leftover after parsing attributes in process `syz.1.3214'. [ 454.192316][T14460] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3219'. [ 454.264131][T14462] nbd: must specify at least one socket [ 456.580329][T14491] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3231'. [ 457.219644][T14516] FAULT_INJECTION: forcing a failure. [ 457.219644][T14516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.254792][T14516] CPU: 1 UID: 0 PID: 14516 Comm: syz.0.3249 Tainted: G L syzkaller #0 PREEMPT(full) [ 457.254839][T14516] Tainted: [L]=SOFTLOCKUP [ 457.254850][T14516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 457.254867][T14516] Call Trace: [ 457.254876][T14516] [ 457.254888][T14516] dump_stack_lvl+0x100/0x190 [ 457.254946][T14516] should_fail_ex.cold+0x5/0xa [ 457.254981][T14516] _copy_to_iter+0x1f3/0x1720 [ 457.255020][T14516] ? chacha_block_generic+0x211/0x330 [ 457.255115][T14516] ? __pfx__copy_to_iter+0x10/0x10 [ 457.255156][T14516] ? __pfx___might_resched+0x10/0x10 [ 457.255200][T14516] ? crng_make_state+0x2b0/0x6c0 [ 457.255238][T14516] get_random_bytes_user+0x17b/0x3d0 [ 457.255274][T14516] ? __pfx_get_random_bytes_user+0x10/0x10 [ 457.255317][T14516] ? do_futex+0x192/0x350 [ 457.255381][T14516] ? __fget_files+0x21f/0x3d0 [ 457.255409][T14516] ? import_ubuf+0x1b6/0x220 [ 457.255444][T14516] __x64_sys_getrandom+0x183/0x290 [ 457.255479][T14516] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 457.255531][T14516] do_syscall_64+0x106/0xf80 [ 457.255574][T14516] ? clear_bhb_loop+0x40/0x90 [ 457.255609][T14516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.255639][T14516] RIP: 0033:0x7f6f72f9c799 [ 457.255664][T14516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 457.255691][T14516] RSP: 002b:00007f6f73da9028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 457.255719][T14516] RAX: ffffffffffffffda RBX: 00007f6f73215fa0 RCX: 00007f6f72f9c799 [ 457.255738][T14516] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 457.255755][T14516] RBP: 00007f6f73032c99 R08: 0000000000000000 R09: 0000000000000000 [ 457.255771][T14516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.255788][T14516] R13: 00007f6f73216038 R14: 00007f6f73215fa0 R15: 00007ffef0cf7778 [ 457.255828][T14516] [ 457.976711][T14531] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3246'. [ 458.405108][T14539] input: f¬ as /devices/virtual/input/input10 [ 459.510179][T14554] FAULT_INJECTION: forcing a failure. [ 459.510179][T14554] name failslab, interval 1, probability 0, space 0, times 0 [ 459.533424][T14554] CPU: 1 UID: 0 PID: 14554 Comm: syz.1.3256 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.533456][T14554] Tainted: [L]=SOFTLOCKUP [ 459.533464][T14554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 459.533474][T14554] Call Trace: [ 459.533482][T14554] [ 459.533490][T14554] dump_stack_lvl+0x100/0x190 [ 459.533523][T14554] should_fail_ex.cold+0x5/0xa [ 459.533546][T14554] should_failslab+0xc2/0x120 [ 459.533570][T14554] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 459.533599][T14554] ? prepare_creds+0x2c/0x950 [ 459.533630][T14554] prepare_creds+0x2c/0x950 [ 459.533660][T14554] __do_sys_landlock_restrict_self+0x143/0x9e0 [ 459.533744][T14554] do_syscall_64+0x106/0xf80 [ 459.533774][T14554] ? clear_bhb_loop+0x40/0x90 [ 459.533797][T14554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.533815][T14554] RIP: 0033:0x7f304af9c799 [ 459.533831][T14554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.533855][T14554] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 459.533873][T14554] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 459.533884][T14554] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000003 [ 459.533894][T14554] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 459.533905][T14554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.533915][T14554] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 459.533937][T14554] [ 461.771881][T14605] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3276'. [ 463.031337][T14639] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3289'. [ 463.151619][T14636] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3289'. [ 463.496457][T14650] device-mapper: ioctl: device name cannot contain '/' [ 464.914023][T14684] smpboot: CPU 1 is now offline [ 466.468114][T14708] netlink: 114 bytes leftover after parsing attributes in process `syz.1.3315'. [ 466.871830][T14725] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3322'. [ 467.391206][T14730] zswap: compressor û not available [ 467.559621][T14736] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3325'. [ 467.590168][T14743] netlink: 130 bytes leftover after parsing attributes in process `syz.0.3328'. [ 467.946706][T14758] FAULT_INJECTION: forcing a failure. [ 467.946706][T14758] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 467.993708][T14758] CPU: 0 UID: 0 PID: 14758 Comm: syz.2.3333 Tainted: G L syzkaller #0 PREEMPT(full) [ 467.993740][T14758] Tainted: [L]=SOFTLOCKUP [ 467.993746][T14758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 467.993756][T14758] Call Trace: [ 467.993763][T14758] [ 467.993770][T14758] dump_stack_lvl+0x100/0x190 [ 467.993803][T14758] should_fail_ex.cold+0x5/0xa [ 467.993822][T14758] ? prepare_alloc_pages+0x16d/0x5f0 [ 467.993846][T14758] should_fail_alloc_page+0xeb/0x140 [ 467.993869][T14758] prepare_alloc_pages+0x1f0/0x5f0 [ 467.993901][T14758] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 467.993935][T14758] ? __lock_acquire+0x4a5/0x2630 [ 467.993959][T14758] ? update_cfs_rq_load_avg+0x51/0x550 [ 467.993985][T14758] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 467.994016][T14758] ? find_held_lock+0x2b/0x80 [ 467.994034][T14758] ? finish_task_switch.isra.0+0x200/0xb80 [ 467.994055][T14758] ? finish_task_switch.isra.0+0x200/0xb80 [ 467.994083][T14758] ? __lock_acquire+0x4a5/0x2630 [ 467.994107][T14758] ? trace_sched_exit_tp+0x13a/0x180 [ 467.994128][T14758] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 467.994149][T14758] ? policy_nodemask+0xed/0x4f0 [ 467.994171][T14758] alloc_pages_mpol+0x1fb/0x550 [ 467.994192][T14758] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 467.994210][T14758] ? aa_file_perm+0x7e4/0x14d0 [ 467.994235][T14758] ? aa_file_perm+0x7e4/0x14d0 [ 467.994264][T14758] ? qrtr_tun_write_iter+0xc1/0x1b0 [ 467.994352][T14758] ___kmalloc_large_node+0x104/0x150 [ 467.994377][T14758] __kmalloc_large_node_noprof+0x1c/0x70 [ 467.994401][T14758] __kmalloc_noprof+0x5be/0x850 [ 467.994435][T14758] qrtr_tun_write_iter+0xc1/0x1b0 [ 467.994458][T14758] do_iter_readv_writev+0x6ee/0x920 [ 467.994488][T14758] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 467.994519][T14758] ? bpf_lsm_file_permission+0x9/0x10 [ 467.994537][T14758] ? security_file_permission+0x76/0x210 [ 467.994561][T14758] ? rw_verify_area+0xce/0x6d0 [ 467.994592][T14758] vfs_writev+0x360/0xe10 [ 467.994627][T14758] ? __pfx_vfs_writev+0x10/0x10 [ 467.994672][T14758] ? __fget_files+0x21f/0x3d0 [ 467.994695][T14758] ? do_writev+0x13e/0x340 [ 467.994722][T14758] do_writev+0x13e/0x340 [ 467.994750][T14758] ? __pfx_do_writev+0x10/0x10 [ 467.994784][T14758] do_syscall_64+0x106/0xf80 [ 467.994810][T14758] ? clear_bhb_loop+0x40/0x90 [ 467.994833][T14758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.994851][T14758] RIP: 0033:0x7ff8ebb9c799 [ 467.994867][T14758] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.994890][T14758] RSP: 002b:00007ff8ecab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 467.994908][T14758] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa0 RCX: 00007ff8ebb9c799 [ 467.994920][T14758] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000003 [ 467.994930][T14758] RBP: 00007ff8ebc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 467.994940][T14758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.994950][T14758] R13: 00007ff8ebe16038 R14: 00007ff8ebe15fa0 R15: 00007ffefcf5c838 [ 467.994974][T14758] [ 468.674908][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 469.397659][T14783] netlink: 'syz.3.3344': attribute type 4 has an invalid length. [ 469.416182][T14783] netlink: 314 bytes leftover after parsing attributes in process `syz.3.3344'. [ 470.121326][ T29] audit: type=1800 audit(4294967310.170:18): pid=14795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3349" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 471.795862][T14832] netlink: 'syz.3.3362': attribute type 2 has an invalid length. [ 478.520580][T14873] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3366'. [ 478.573292][T14873] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 478.623097][T14873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 478.645976][T14873] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 478.681718][T14873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 478.822549][T14883] FAULT_INJECTION: forcing a failure. [ 478.822549][T14883] name failslab, interval 1, probability 0, space 0, times 0 [ 478.866339][T14883] CPU: 0 UID: 0 PID: 14883 Comm: syz.3.3370 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.866370][T14883] Tainted: [L]=SOFTLOCKUP [ 478.866377][T14883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 478.866388][T14883] Call Trace: [ 478.866394][T14883] [ 478.866401][T14883] dump_stack_lvl+0x100/0x190 [ 478.866434][T14883] should_fail_ex.cold+0x5/0xa [ 478.866456][T14883] should_failslab+0xc2/0x120 [ 478.866477][T14883] __kmalloc_cache_noprof+0x7a/0x6f0 [ 478.866502][T14883] ? snd_card_file_add+0x52/0x340 [ 478.866529][T14883] snd_card_file_add+0x52/0x340 [ 478.866554][T14883] snd_pcm_oss_open+0x1c2/0x1390 [ 478.866583][T14883] ? kasan_quarantine_put+0x104/0x240 [ 478.866611][T14883] ? lockdep_hardirqs_on+0x78/0x100 [ 478.866640][T14883] ? find_held_lock+0x2b/0x80 [ 478.866658][T14883] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 478.866683][T14883] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 478.866705][T14883] ? __lock_acquire+0x4a5/0x2630 [ 478.866749][T14883] ? __lock_acquire+0x4a5/0x2630 [ 478.866778][T14883] ? do_raw_spin_lock+0x128/0x260 [ 478.866807][T14883] ? soundcore_open+0x231/0x5a0 [ 478.866827][T14883] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 478.866850][T14883] soundcore_open+0x2e3/0x5a0 [ 478.866871][T14883] ? __pfx_soundcore_open+0x10/0x10 [ 478.866890][T14883] chrdev_open+0x234/0x6a0 [ 478.866910][T14883] ? __pfx_apparmor_file_open+0x10/0x10 [ 478.866929][T14883] ? __pfx_chrdev_open+0x10/0x10 [ 478.866950][T14883] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 478.866975][T14883] do_dentry_open+0x6d8/0x1660 [ 478.866994][T14883] ? __pfx_chrdev_open+0x10/0x10 [ 478.867019][T14883] vfs_open+0x82/0x3f0 [ 478.867045][T14883] path_openat+0x208c/0x31a0 [ 478.867072][T14883] ? __pfx_path_openat+0x10/0x10 [ 478.867099][T14883] do_file_open+0x20e/0x430 [ 478.867120][T14883] ? __pfx_do_file_open+0x10/0x10 [ 478.867155][T14883] ? alloc_fd+0x476/0x790 [ 478.867175][T14883] ? do_getname+0x191/0x390 [ 478.867201][T14883] do_sys_openat2+0x10d/0x1e0 [ 478.867225][T14883] ? __pfx_do_sys_openat2+0x10/0x10 [ 478.867252][T14883] ? __fget_files+0x21f/0x3d0 [ 478.867274][T14883] __x64_sys_openat+0x12d/0x210 [ 478.867299][T14883] ? __pfx___x64_sys_openat+0x10/0x10 [ 478.867333][T14883] do_syscall_64+0x106/0xf80 [ 478.867359][T14883] ? clear_bhb_loop+0x40/0x90 [ 478.867382][T14883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.867400][T14883] RIP: 0033:0x7f5a0b39c799 [ 478.867416][T14883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 478.867433][T14883] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 478.867451][T14883] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 478.867462][T14883] RDX: 0000000000020342 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 478.867473][T14883] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 478.867483][T14883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.867494][T14883] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 478.867516][T14883] [ 480.028116][T14907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3379'. [ 480.110885][T14902] sctp: [Deprecated]: syz.3.3377 (pid 14902) Use of struct sctp_assoc_value in delayed_ack socket option. [ 480.110885][T14902] Use struct sctp_sack_info instead [ 480.199185][T14905] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3378'. [ 480.224724][T14905] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3378'. [ 482.362638][T14966] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3400'. [ 482.404115][T14967] syz.1.3399 uses obsolete (PF_INET,SOCK_PACKET) [ 482.582542][T14971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3402'. [ 482.627464][T14971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.650330][T14971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 482.676029][T14971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.698619][T14971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 482.967747][T14982] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3406'. [ 482.977950][T14983] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3407'. [ 483.019868][T14982] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 483.046696][T14982] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 483.290539][T14994] futex_wake_op: syz.2.3411 tries to shift op by -2048; fix this program [ 483.326101][T14994] 0x000400000001-0x00041f8b7c29 : "" [ 483.347006][T14994] mtd: partition "" is out of reach -- disabled [ 483.387490][T14994] ftl_cs: FTL header not found. [ 483.591080][T14997] ERROR: Out of memory at tomoyo_memory_ok. [ 483.879509][T15009] Format for adding new port is "id [perm_addr]" (uint MAC). [ 483.954029][T15011] Unable to find swap-space signature [ 484.425650][T15020] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3420'. [ 484.569262][T15020] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 484.597691][T15020] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 484.632635][T15020] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 484.677829][T15020] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.618353][T15045] FAULT_INJECTION: forcing a failure. [ 485.618353][T15045] name failslab, interval 1, probability 0, space 0, times 0 [ 485.674158][T15045] CPU: 0 UID: 0 PID: 15045 Comm: syz.1.3430 Tainted: G L syzkaller #0 PREEMPT(full) [ 485.674189][T15045] Tainted: [L]=SOFTLOCKUP [ 485.674196][T15045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 485.674206][T15045] Call Trace: [ 485.674213][T15045] [ 485.674221][T15045] dump_stack_lvl+0x100/0x190 [ 485.674254][T15045] should_fail_ex.cold+0x5/0xa [ 485.674277][T15045] should_failslab+0xc2/0x120 [ 485.674298][T15045] __kvmalloc_node_noprof+0xfa/0xa00 [ 485.674328][T15045] ? seq_read_iter+0x819/0x1270 [ 485.674361][T15045] seq_read_iter+0x819/0x1270 [ 485.674404][T15045] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 485.674446][T15045] kernfs_fop_read_iter+0x46c/0x610 [ 485.674473][T15045] copy_splice_read+0x4ba/0xb90 [ 485.674497][T15045] ? __pfx_copy_splice_read+0x10/0x10 [ 485.674519][T15045] ? look_up_lock_class+0x55/0x120 [ 485.674552][T15045] ? lockdep_init_map_type+0x5c/0x250 [ 485.674578][T15045] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 485.674609][T15045] ? __pfx_copy_splice_read+0x10/0x10 [ 485.674627][T15045] do_splice_read+0x285/0x370 [ 485.674648][T15045] splice_direct_to_actor+0x2a1/0xa30 [ 485.674669][T15045] ? __pfx_direct_splice_actor+0x10/0x10 [ 485.674695][T15045] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 485.674722][T15045] do_splice_direct+0x174/0x240 [ 485.674741][T15045] ? __pfx_do_splice_direct+0x10/0x10 [ 485.674761][T15045] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 485.674795][T15045] ? rw_verify_area+0xce/0x6d0 [ 485.674823][T15045] do_sendfile+0xadc/0xe20 [ 485.674856][T15045] ? __pfx_do_sendfile+0x10/0x10 [ 485.674914][T15045] ? __x64_sys_futex+0x34f/0x4d0 [ 485.674938][T15045] ? __x64_sys_futex+0x358/0x4d0 [ 485.674964][T15045] __x64_sys_sendfile64+0x1d8/0x220 [ 485.674988][T15045] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 485.675018][T15045] do_syscall_64+0x106/0xf80 [ 485.675044][T15045] ? clear_bhb_loop+0x40/0x90 [ 485.675069][T15045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.675092][T15045] RIP: 0033:0x7f304af9c799 [ 485.675108][T15045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.675125][T15045] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 485.675143][T15045] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 485.675155][T15045] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 485.675165][T15045] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 485.675176][T15045] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000000 [ 485.675187][T15045] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 485.675210][T15045] [ 486.683497][T15053] vhci_hcd vhci_hcd.2: invalid port number 111 [ 486.703164][T15053] vhci_hcd vhci_hcd.2: default hub control req: a356 va1b7 i006f l230 [ 486.981356][T15059] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3435'. [ 486.999363][T15061] sctp: [Deprecated]: syz.2.3436 (pid 15061) Use of struct sctp_assoc_value in delayed_ack socket option. [ 486.999363][T15061] Use struct sctp_sack_info instead [ 487.033167][T15059] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.040568][T15059] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.090072][T15059] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 487.108382][T15059] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 488.173692][T15086] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3446'. [ 488.354100][T15089] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3446'. [ 488.783447][T15099] random: crng reseeded on system resumption [ 489.121425][T15107] netlink: 122 bytes leftover after parsing attributes in process `syz.3.3454'. [ 489.524133][T15117] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3458'. [ 489.564493][T15117] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3458'. [ 490.386533][T15133] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3464'. [ 493.950553][T15196] FAULT_INJECTION: forcing a failure. [ 493.950553][T15196] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 494.001130][T15196] CPU: 0 UID: 0 PID: 15196 Comm: syz.2.3488 Tainted: G L syzkaller #0 PREEMPT(full) [ 494.001162][T15196] Tainted: [L]=SOFTLOCKUP [ 494.001169][T15196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 494.001180][T15196] Call Trace: [ 494.001188][T15196] [ 494.001196][T15196] dump_stack_lvl+0x100/0x190 [ 494.001229][T15196] should_fail_ex.cold+0x5/0xa [ 494.001248][T15196] ? prepare_alloc_pages+0x16d/0x5f0 [ 494.001277][T15196] should_fail_alloc_page+0xeb/0x140 [ 494.001304][T15196] prepare_alloc_pages+0x1f0/0x5f0 [ 494.001329][T15196] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 494.001362][T15196] ? reacquire_held_locks+0xce/0x1e0 [ 494.001387][T15196] ? folio_lock_anon_vma_read+0x348/0xe30 [ 494.001416][T15196] ? folio_lock_anon_vma_read+0x348/0xe30 [ 494.001446][T15196] ? __up_read+0x2c5/0x700 [ 494.001473][T15196] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 494.001501][T15196] ? __pfx___up_read+0x10/0x10 [ 494.001526][T15196] ? rmap_walk_anon+0x561/0x870 [ 494.001568][T15196] __folio_alloc_noprof+0x13/0x2f0 [ 494.001597][T15196] alloc_migration_target+0x1d7/0x6d0 [ 494.001621][T15196] migrate_pages_batch+0x4f2/0x4530 [ 494.001646][T15196] ? __pfx_alloc_migration_target+0x10/0x10 [ 494.001675][T15196] ? walk_pgd_range+0x1115/0x1eb0 [ 494.001703][T15196] ? __pfx_migrate_pages_batch+0x10/0x10 [ 494.001741][T15196] migrate_pages_sync+0x12c/0x880 [ 494.001765][T15196] ? __pfx_alloc_migration_target+0x10/0x10 [ 494.001792][T15196] ? __pfx_migrate_pages_sync+0x10/0x10 [ 494.001813][T15196] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 494.001840][T15196] ? walk_page_range_mm_unsafe+0x32c/0xa10 [ 494.001874][T15196] migrate_pages+0x1aae/0x28a0 [ 494.001901][T15196] ? __pfx_alloc_migration_target+0x10/0x10 [ 494.001927][T15196] ? __pfx_migrate_pages+0x10/0x10 [ 494.001960][T15196] ? queue_pages_range+0x11e/0x180 [ 494.001990][T15196] ? __up_read+0x2c5/0x700 [ 494.002017][T15196] ? __pfx___up_read+0x10/0x10 [ 494.002043][T15196] ? do_migrate_pages+0x451/0x740 [ 494.002063][T15196] ? do_migrate_pages+0x451/0x740 [ 494.002088][T15196] do_migrate_pages+0x488/0x740 [ 494.002115][T15196] ? __pfx_do_migrate_pages+0x10/0x10 [ 494.002140][T15196] ? rcu_is_watching+0x12/0xc0 [ 494.002169][T15196] ? cap_capable+0x107/0x460 [ 494.002197][T15196] ? get_task_mm+0xc2/0xf0 [ 494.002216][T15196] ? security_capable+0xbd/0x260 [ 494.002248][T15196] kernel_migrate_pages+0x560/0x700 [ 494.002269][T15196] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 494.002289][T15196] ? xfd_validate_state+0x129/0x190 [ 494.002320][T15196] __x64_sys_migrate_pages+0x96/0x100 [ 494.002342][T15196] ? lockdep_hardirqs_on+0x78/0x100 [ 494.002370][T15196] do_syscall_64+0x106/0xf80 [ 494.002396][T15196] ? clear_bhb_loop+0x40/0x90 [ 494.002418][T15196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.002439][T15196] RIP: 0033:0x7ff8ebb9c799 [ 494.002456][T15196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.002474][T15196] RSP: 002b:00007ff8ecab6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 494.002493][T15196] RAX: ffffffffffffffda RBX: 00007ff8ebe15fa0 RCX: 00007ff8ebb9c799 [ 494.002504][T15196] RDX: 0000200000000100 RSI: 000000000000000a RDI: 0000000000000000 [ 494.002515][T15196] RBP: 00007ff8ebc32c99 R08: 0000000000000000 R09: 0000000000000000 [ 494.002526][T15196] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000 [ 494.002537][T15196] R13: 00007ff8ebe16038 R14: 00007ff8ebe15fa0 R15: 00007ffefcf5c838 [ 494.002560][T15196] [ 494.976463][T15202] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3493'. [ 495.883462][T15224] FAULT_INJECTION: forcing a failure. [ 495.883462][T15224] name failslab, interval 1, probability 0, space 0, times 0 [ 495.944166][T15224] CPU: 0 UID: 0 PID: 15224 Comm: syz.3.3500 Tainted: G L syzkaller #0 PREEMPT(full) [ 495.944198][T15224] Tainted: [L]=SOFTLOCKUP [ 495.944205][T15224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 495.944216][T15224] Call Trace: [ 495.944222][T15224] [ 495.944229][T15224] dump_stack_lvl+0x100/0x190 [ 495.944262][T15224] should_fail_ex.cold+0x5/0xa [ 495.944285][T15224] should_failslab+0xc2/0x120 [ 495.944306][T15224] __kmalloc_cache_noprof+0x7a/0x6f0 [ 495.944332][T15224] ? tomoyo_write_log2+0x333/0xbc0 [ 495.944361][T15224] tomoyo_write_log2+0x333/0xbc0 [ 495.944390][T15224] tomoyo_supervisor+0x15e/0x1340 [ 495.944423][T15224] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 495.944462][T15224] ? kasan_quarantine_put+0x104/0x240 [ 495.944493][T15224] ? tomoyo_check_path_acl+0x141/0x210 [ 495.944514][T15224] ? tomoyo_check_acl+0x1f7/0x410 [ 495.944536][T15224] tomoyo_path_permission+0x270/0x3b0 [ 495.944559][T15224] tomoyo_check_open_permission+0x37f/0x3c0 [ 495.944583][T15224] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 495.944627][T15224] ? do_raw_spin_lock+0x128/0x260 [ 495.944657][T15224] ? path_get+0x61/0x80 [ 495.944681][T15224] tomoyo_file_open+0x6b/0x90 [ 495.944711][T15224] security_file_open+0xb5/0x1e0 [ 495.944735][T15224] do_dentry_open+0x5aa/0x1660 [ 495.944755][T15224] ? security_inode_permission+0xbf/0x250 [ 495.944781][T15224] vfs_open+0x82/0x3f0 [ 495.944815][T15224] path_openat+0x208c/0x31a0 [ 495.944842][T15224] ? __pfx_path_openat+0x10/0x10 [ 495.944871][T15224] do_file_open+0x20e/0x430 [ 495.944892][T15224] ? __pfx_do_file_open+0x10/0x10 [ 495.944929][T15224] ? alloc_fd+0x476/0x790 [ 495.944950][T15224] ? do_getname+0x191/0x390 [ 495.944976][T15224] do_sys_openat2+0x10d/0x1e0 [ 495.945001][T15224] ? __pfx_do_sys_openat2+0x10/0x10 [ 495.945028][T15224] ? __fget_files+0x21f/0x3d0 [ 495.945051][T15224] __x64_sys_openat+0x12d/0x210 [ 495.945078][T15224] ? __pfx___x64_sys_openat+0x10/0x10 [ 495.945112][T15224] do_syscall_64+0x106/0xf80 [ 495.945140][T15224] ? clear_bhb_loop+0x40/0x90 [ 495.945162][T15224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.945181][T15224] RIP: 0033:0x7f5a0b39c799 [ 495.945201][T15224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 495.945219][T15224] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 495.945238][T15224] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 495.945249][T15224] RDX: 0000000000020342 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 495.945260][T15224] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 495.945270][T15224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.945281][T15224] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 495.945304][T15224] [ 496.582332][T15227] FAULT_INJECTION: forcing a failure. [ 496.582332][T15227] name failslab, interval 1, probability 0, space 0, times 0 [ 496.649903][T15227] CPU: 0 UID: 0 PID: 15227 Comm: syz.1.3501 Tainted: G L syzkaller #0 PREEMPT(full) [ 496.649936][T15227] Tainted: [L]=SOFTLOCKUP [ 496.649943][T15227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 496.649954][T15227] Call Trace: [ 496.649960][T15227] [ 496.649968][T15227] dump_stack_lvl+0x100/0x190 [ 496.650001][T15227] should_fail_ex.cold+0x5/0xa [ 496.650023][T15227] should_failslab+0xc2/0x120 [ 496.650045][T15227] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 496.650073][T15227] ? __pmd_alloc+0xbf/0x950 [ 496.650100][T15227] __pmd_alloc+0xbf/0x950 [ 496.650120][T15227] ? mt_find+0x687/0x8e0 [ 496.650139][T15227] huge_pte_alloc+0x5ee/0x730 [ 496.650167][T15227] hugetlb_fault+0x363/0x1450 [ 496.650194][T15227] ? __pfx_hugetlb_fault+0x10/0x10 [ 496.650227][T15227] ? find_vma+0xbf/0x140 [ 496.650245][T15227] ? __pfx_find_vma+0x10/0x10 [ 496.650265][T15227] handle_mm_fault+0x5f1/0xa20 [ 496.650296][T15227] do_user_addr_fault+0x74c/0x12f0 [ 496.650321][T15227] exc_page_fault+0x6f/0xd0 [ 496.650350][T15227] asm_exc_page_fault+0x26/0x30 [ 496.650368][T15227] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 496.650390][T15227] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 496.650407][T15227] RSP: 0018:ffffc90004ecfd30 EFLAGS: 00050202 [ 496.650422][T15227] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 496.650433][T15227] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc90004ecfda0 [ 496.650444][T15227] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff520009d9fb4 [ 496.650454][T15227] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 496.650464][T15227] R13: ffffc90004ecfda0 R14: 0000000000000000 R15: 0000000000000000 [ 496.650486][T15227] _copy_from_user+0x98/0xd0 [ 496.650511][T15227] do_sock_getsockopt+0x30b/0x3d0 [ 496.650591][T15227] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 496.650623][T15227] __sys_getsockopt+0x133/0x1d0 [ 496.650675][T15227] ? __x64_sys_getsockopt+0xbd/0x160 [ 496.650700][T15227] __x64_sys_getsockopt+0xbd/0x160 [ 496.650726][T15227] ? do_syscall_64+0x95/0xf80 [ 496.650752][T15227] ? lockdep_hardirqs_on+0x78/0x100 [ 496.650780][T15227] do_syscall_64+0x106/0xf80 [ 496.650814][T15227] ? clear_bhb_loop+0x40/0x90 [ 496.650837][T15227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.650855][T15227] RIP: 0033:0x7f304af9c799 [ 496.650870][T15227] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 496.650888][T15227] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 496.650905][T15227] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 496.650917][T15227] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003 [ 496.650931][T15227] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 496.650942][T15227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 496.650952][T15227] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 496.650976][T15227] [ 499.552924][T15248] sctp: [Deprecated]: syz.1.3507 (pid 15248) Use of struct sctp_assoc_value in delayed_ack socket option. [ 499.552924][T15248] Use struct sctp_sack_info instead [ 500.507364][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.515935][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.244643][T15277] block nbd8: shutting down sockets [ 501.454469][T15281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3519'. [ 501.515454][T15281] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3519'. [ 501.593331][T15284] FAULT_INJECTION: forcing a failure. [ 501.593331][T15284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 501.691719][T15284] CPU: 0 UID: 0 PID: 15284 Comm: syz.3.3520 Tainted: G L syzkaller #0 PREEMPT(full) [ 501.691751][T15284] Tainted: [L]=SOFTLOCKUP [ 501.691758][T15284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.691768][T15284] Call Trace: [ 501.691775][T15284] [ 501.691783][T15284] dump_stack_lvl+0x100/0x190 [ 501.691816][T15284] should_fail_ex.cold+0x5/0xa [ 501.691836][T15284] ? prepare_alloc_pages+0x16d/0x5f0 [ 501.691860][T15284] should_fail_alloc_page+0xeb/0x140 [ 501.691882][T15284] prepare_alloc_pages+0x1f0/0x5f0 [ 501.691907][T15284] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 501.691938][T15284] ? __lock_acquire+0x4a5/0x2630 [ 501.691962][T15284] ? update_cfs_rq_load_avg+0x51/0x550 [ 501.691992][T15284] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 501.692021][T15284] ? find_held_lock+0x2b/0x80 [ 501.692039][T15284] ? finish_task_switch.isra.0+0x200/0xb80 [ 501.692059][T15284] ? finish_task_switch.isra.0+0x200/0xb80 [ 501.692080][T15284] ? rcu_is_watching+0x12/0xc0 [ 501.692108][T15284] ? finish_task_switch.isra.0+0x205/0xb80 [ 501.692128][T15284] ? lockdep_hardirqs_on+0x78/0x100 [ 501.692157][T15284] ? rcu_is_watching+0x12/0xc0 [ 501.692185][T15284] ? trace_sched_exit_tp+0x13a/0x180 [ 501.692211][T15284] ? __schedule+0x1000/0x6120 [ 501.692237][T15284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 501.692258][T15284] ? policy_nodemask+0xed/0x4f0 [ 501.692279][T15284] alloc_pages_mpol+0x1fb/0x550 [ 501.692301][T15284] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 501.692323][T15284] ? find_held_lock+0x2b/0x80 [ 501.692343][T15284] ? iovec_from_user+0x8d/0x140 [ 501.692364][T15284] ___kmalloc_large_node+0x104/0x150 [ 501.692389][T15284] __kmalloc_large_node_noprof+0x1c/0x70 [ 501.692414][T15284] __kmalloc_noprof+0x5be/0x850 [ 501.692446][T15284] iovec_from_user+0x8d/0x140 [ 501.692472][T15284] __import_iovec+0x81/0x640 [ 501.692501][T15284] import_iovec+0x82/0xb0 [ 501.692527][T15284] vfs_writev+0x197/0xe10 [ 501.692554][T15284] ? rcu_is_watching+0x12/0xc0 [ 501.692582][T15284] ? trace_contention_end+0x140/0x180 [ 501.692611][T15284] ? __pfx_vfs_writev+0x10/0x10 [ 501.692638][T15284] ? fdget_pos+0x2aa/0x380 [ 501.692673][T15284] ? __fget_files+0x21f/0x3d0 [ 501.692704][T15284] ? do_writev+0x13e/0x340 [ 501.692731][T15284] do_writev+0x13e/0x340 [ 501.692761][T15284] ? __pfx_do_writev+0x10/0x10 [ 501.692795][T15284] do_syscall_64+0x106/0xf80 [ 501.692822][T15284] ? clear_bhb_loop+0x40/0x90 [ 501.692844][T15284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.692863][T15284] RIP: 0033:0x7f5a0b39c799 [ 501.692879][T15284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.692897][T15284] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 501.692915][T15284] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 501.692926][T15284] RDX: 01000000000003fa RSI: 0000000000000000 RDI: 0000000000000004 [ 501.692940][T15284] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 501.692951][T15284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.692961][T15284] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 501.692984][T15284] [ 502.819966][T15301] Unable to find swap-space signature [ 503.468533][T15313] netlink: 'syz.0.3530': attribute type 27 has an invalid length. [ 503.523139][T15313] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3530'. [ 504.900070][T15347] synth uevent: /module/drm_display_helper: unknown uevent action string [ 505.449690][T15361] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3549'. [ 506.664489][T15390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3561'. [ 509.275907][T15450] FAULT_INJECTION: forcing a failure. [ 509.275907][T15450] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 509.344286][T15450] CPU: 0 UID: 0 PID: 15450 Comm: syz.2.3583 Tainted: G L syzkaller #0 PREEMPT(full) [ 509.344318][T15450] Tainted: [L]=SOFTLOCKUP [ 509.344324][T15450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 509.344336][T15450] Call Trace: [ 509.344343][T15450] [ 509.344351][T15450] dump_stack_lvl+0x100/0x190 [ 509.344384][T15450] should_fail_ex.cold+0x5/0xa [ 509.344403][T15450] ? prepare_alloc_pages+0x16d/0x5f0 [ 509.344429][T15450] should_fail_alloc_page+0xeb/0x140 [ 509.344451][T15450] prepare_alloc_pages+0x1f0/0x5f0 [ 509.344472][T15450] ? arch_stack_walk+0xa6/0xf0 [ 509.344493][T15450] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 509.344528][T15450] ? stack_trace_save+0x8e/0xc0 [ 509.344554][T15450] ? __pfx_stack_trace_save+0x10/0x10 [ 509.344574][T15450] ? stack_depot_save_flags+0x27/0x9d0 [ 509.344602][T15450] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 509.344630][T15450] ? kasan_save_stack+0x3f/0x50 [ 509.344658][T15450] ? kasan_save_stack+0x30/0x50 [ 509.344685][T15450] ? kasan_save_track+0x14/0x30 [ 509.344701][T15450] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 509.344728][T15450] ? move_page_tables+0x3224/0x4500 [ 509.344753][T15450] ? copy_vma_and_data+0x25c/0x7c0 [ 509.344779][T15450] ? move_vma+0x51b/0x1890 [ 509.344802][T15450] ? mremap_to+0x1b7/0x450 [ 509.344827][T15450] ? do_mremap+0xb76/0x2130 [ 509.344852][T15450] ? __do_sys_mremap+0x126/0x170 [ 509.344878][T15450] ? do_syscall_64+0x106/0xf80 [ 509.344904][T15450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.344933][T15450] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 509.344952][T15450] ? policy_nodemask+0xed/0x4f0 [ 509.344974][T15450] alloc_pages_mpol+0x1fb/0x550 [ 509.344995][T15450] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 509.345021][T15450] alloc_pages_noprof+0x131/0x390 [ 509.345047][T15450] pte_alloc_one+0x1c/0x3d0 [ 509.345071][T15450] __pte_alloc+0x6d/0x3e0 [ 509.345090][T15450] ? __pfx___pte_alloc+0x10/0x10 [ 509.345109][T15450] ? _raw_spin_unlock+0x28/0x50 [ 509.345133][T15450] ? __pmd_alloc+0x3fb/0x950 [ 509.345157][T15450] move_page_tables+0x257e/0x4500 [ 509.345186][T15450] ? __pfx_copy_vma+0x10/0x10 [ 509.345221][T15450] ? __pfx_move_page_tables+0x10/0x10 [ 509.345265][T15450] ? finish_task_switch.isra.0+0x200/0xb80 [ 509.345289][T15450] copy_vma_and_data+0x25c/0x7c0 [ 509.345318][T15450] ? __pfx_copy_vma_and_data+0x10/0x10 [ 509.345355][T15450] ? __vma_start_write+0x17f/0x280 [ 509.345378][T15450] ? __pfx___vma_start_write+0x10/0x10 [ 509.345409][T15450] move_vma+0x51b/0x1890 [ 509.345439][T15450] ? __pfx_move_vma+0x10/0x10 [ 509.345469][T15450] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 509.345491][T15450] ? cap_mmap_addr+0x4b/0x120 [ 509.345508][T15450] ? bpf_lsm_mmap_addr+0x9/0x30 [ 509.345524][T15450] ? security_mmap_addr+0x71/0x1e0 [ 509.345554][T15450] ? __get_unmapped_area+0x255/0x3e0 [ 509.345578][T15450] ? vrm_set_new_addr+0x204/0x290 [ 509.345606][T15450] mremap_to+0x1b7/0x450 [ 509.345635][T15450] do_mremap+0xb76/0x2130 [ 509.345673][T15450] ? __pfx_do_mremap+0x10/0x10 [ 509.345707][T15450] ? ksys_write+0x190/0x250 [ 509.345731][T15450] __do_sys_mremap+0x126/0x170 [ 509.345759][T15450] ? __pfx___do_sys_mremap+0x10/0x10 [ 509.345793][T15450] ? __x64_sys_futex+0x34f/0x4d0 [ 509.345831][T15450] do_syscall_64+0x106/0xf80 [ 509.345858][T15450] ? clear_bhb_loop+0x40/0x90 [ 509.345880][T15450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.345898][T15450] RIP: 0033:0x7ff8ebb9c799 [ 509.345915][T15450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 509.345932][T15450] RSP: 002b:00007ff8eca95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 509.345950][T15450] RAX: ffffffffffffffda RBX: 00007ff8ebe16090 RCX: 00007ff8ebb9c799 [ 509.345961][T15450] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 509.345971][T15450] RBP: 00007ff8ebc32c99 R08: 0000000100000000 R09: 0000000000000000 [ 509.345982][T15450] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 509.345992][T15450] R13: 00007ff8ebe16128 R14: 00007ff8ebe16090 R15: 00007ffefcf5c838 [ 509.346017][T15450] [ 510.621033][T15474] FAULT_INJECTION: forcing a failure. [ 510.621033][T15474] name failslab, interval 1, probability 0, space 0, times 0 [ 510.683747][T15474] CPU: 0 UID: 0 PID: 15474 Comm: syz.3.3594 Tainted: G L syzkaller #0 PREEMPT(full) [ 510.683778][T15474] Tainted: [L]=SOFTLOCKUP [ 510.683785][T15474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 510.683796][T15474] Call Trace: [ 510.683803][T15474] [ 510.683811][T15474] dump_stack_lvl+0x100/0x190 [ 510.683844][T15474] should_fail_ex.cold+0x5/0xa [ 510.683866][T15474] should_failslab+0xc2/0x120 [ 510.683888][T15474] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 510.683915][T15474] ? __anon_vma_prepare+0x344/0x5e0 [ 510.683945][T15474] __anon_vma_prepare+0x344/0x5e0 [ 510.683970][T15474] ? __pfx___pte_alloc+0x10/0x10 [ 510.683994][T15474] __vmf_anon_prepare+0x11f/0x250 [ 510.684017][T15474] do_anonymous_page+0x552/0x1fb0 [ 510.684052][T15474] __handle_mm_fault+0x1d42/0x2b60 [ 510.684082][T15474] ? mt_find+0x45e/0x8e0 [ 510.684101][T15474] ? __pfx___handle_mm_fault+0x10/0x10 [ 510.684125][T15474] ? __pfx_mt_find+0x10/0x10 [ 510.684160][T15474] handle_mm_fault+0x36d/0xa20 [ 510.684189][T15474] __get_user_pages+0xf9c/0x34d0 [ 510.684219][T15474] ? __pfx___get_user_pages+0x10/0x10 [ 510.684247][T15474] populate_vma_page_range+0x267/0x3f0 [ 510.684271][T15474] ? __pfx_populate_vma_page_range+0x10/0x10 [ 510.684294][T15474] ? __pfx_find_vma_intersection+0x10/0x10 [ 510.684315][T15474] ? do_mmap+0x93f/0x12f0 [ 510.684338][T15474] __mm_populate+0x107/0x3a0 [ 510.684362][T15474] ? __pfx___mm_populate+0x10/0x10 [ 510.684386][T15474] ? up_write+0x290/0x4f0 [ 510.684416][T15474] vm_mmap_pgoff+0x37f/0x470 [ 510.684440][T15474] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 510.684463][T15474] ? do_futex+0x192/0x350 [ 510.684487][T15474] ? __pfx_do_futex+0x10/0x10 [ 510.684515][T15474] ksys_mmap_pgoff+0xe1/0x650 [ 510.684544][T15474] ? __x64_sys_futex+0x34f/0x4d0 [ 510.684567][T15474] ? __x64_sys_futex+0x358/0x4d0 [ 510.684592][T15474] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 510.684612][T15474] ? xfd_validate_state+0x129/0x190 [ 510.684643][T15474] __x64_sys_mmap+0x125/0x190 [ 510.684674][T15474] do_syscall_64+0x106/0xf80 [ 510.684701][T15474] ? clear_bhb_loop+0x40/0x90 [ 510.684723][T15474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.684742][T15474] RIP: 0033:0x7f5a0b39c799 [ 510.684759][T15474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.684775][T15474] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 510.684793][T15474] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 510.684804][T15474] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 510.684815][T15474] RBP: 00007f5a0b432c99 R08: 0000000000000002 R09: 0000000000008000 [ 510.684825][T15474] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 510.684836][T15474] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 510.684858][T15474] [ 512.686605][T15519] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3610'. [ 513.540945][T15539] netlink: 206 bytes leftover after parsing attributes in process `syz.2.3619'. [ 513.847249][T15547] ======================================================= [ 513.847249][T15547] WARNING: The mand mount option has been deprecated and [ 513.847249][T15547] and is ignored by this kernel. Remove the mand [ 513.847249][T15547] option from the mount to silence this warning. [ 513.847249][T15547] ======================================================= [ 514.426103][T15556] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3624'. [ 515.364266][T15577] dyndbg: expected <4096 bytes into control [ 515.371241][ T29] audit: type=1326 audit(4294967355.420:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15575 comm="syz.2.3632" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff8ebb9c799 code=0x0 [ 515.694544][T15585] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3636'. [ 517.415572][T15620] Unable to find swap-space signature [ 520.158745][T15684] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3665'. [ 520.608006][T15696] netlink: 146 bytes leftover after parsing attributes in process `syz.0.3668'. [ 521.396731][T15718] aoe: skb alloc failure [ 521.426295][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 521.435730][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 521.954647][T15731] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3682'. [ 523.381111][T15757] FAULT_INJECTION: forcing a failure. [ 523.381111][T15757] name failslab, interval 1, probability 0, space 0, times 0 [ 523.443072][T15757] CPU: 0 UID: 0 PID: 15757 Comm: syz.1.3693 Tainted: G L syzkaller #0 PREEMPT(full) [ 523.443105][T15757] Tainted: [L]=SOFTLOCKUP [ 523.443111][T15757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 523.443122][T15757] Call Trace: [ 523.443129][T15757] [ 523.443136][T15757] dump_stack_lvl+0x100/0x190 [ 523.443168][T15757] should_fail_ex.cold+0x5/0xa [ 523.443191][T15757] should_failslab+0xc2/0x120 [ 523.443212][T15757] __kmalloc_cache_noprof+0x7a/0x6f0 [ 523.443237][T15757] ? alloc_tty_struct+0x96/0x8c0 [ 523.443346][T15757] ? ptmx_open+0x102/0x3c0 [ 523.443400][T15757] alloc_tty_struct+0x96/0x8c0 [ 523.443429][T15757] ? __mutex_unlock_slowpath+0x15c/0x790 [ 523.443460][T15757] ? __pfx_alloc_tty_struct+0x10/0x10 [ 523.443490][T15757] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 523.443525][T15757] tty_init_dev.part.0+0x20/0x470 [ 523.443557][T15757] tty_init_dev+0x60/0x80 [ 523.443573][T15757] ptmx_open+0x15e/0x3c0 [ 523.443596][T15757] ? __pfx_ptmx_open+0x10/0x10 [ 523.443618][T15757] chrdev_open+0x234/0x6a0 [ 523.443638][T15757] ? __pfx_apparmor_file_open+0x10/0x10 [ 523.443658][T15757] ? __pfx_chrdev_open+0x10/0x10 [ 523.443678][T15757] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 523.443704][T15757] do_dentry_open+0x6d8/0x1660 [ 523.443722][T15757] ? __pfx_chrdev_open+0x10/0x10 [ 523.443747][T15757] vfs_open+0x82/0x3f0 [ 523.443773][T15757] path_openat+0x208c/0x31a0 [ 523.443801][T15757] ? __pfx_path_openat+0x10/0x10 [ 523.443829][T15757] do_file_open+0x20e/0x430 [ 523.443850][T15757] ? __pfx_do_file_open+0x10/0x10 [ 523.443886][T15757] ? alloc_fd+0x476/0x790 [ 523.443907][T15757] ? do_getname+0x191/0x390 [ 523.443933][T15757] do_sys_openat2+0x10d/0x1e0 [ 523.443958][T15757] ? __pfx_do_sys_openat2+0x10/0x10 [ 523.443985][T15757] ? __fget_files+0x21f/0x3d0 [ 523.444007][T15757] __x64_sys_openat+0x12d/0x210 [ 523.444033][T15757] ? __pfx___x64_sys_openat+0x10/0x10 [ 523.444071][T15757] do_syscall_64+0x106/0xf80 [ 523.444098][T15757] ? clear_bhb_loop+0x40/0x90 [ 523.444120][T15757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.444139][T15757] RIP: 0033:0x7f304af9c799 [ 523.444155][T15757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 523.444172][T15757] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 523.444190][T15757] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 523.444202][T15757] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 523.444213][T15757] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 523.444224][T15757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 523.444234][T15757] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 523.444266][T15757] [ 524.377823][T15763] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 524.629423][T15770] random: crng reseeded on system resumption [ 525.130070][T15785] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3701'. [ 525.601122][T15794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3706'. [ 525.640774][T15794] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3706'. [ 526.913051][T15812] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3714'. [ 527.280190][T15823] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3718'. [ 530.126660][T15869] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3732'. [ 531.083533][T15885] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3736'. [ 531.752222][T15906] netlink: 'syz.2.3737': attribute type 33 has an invalid length. [ 531.857016][T15906] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3737'. [ 532.073457][T15913] FAULT_INJECTION: forcing a failure. [ 532.073457][T15913] name failslab, interval 1, probability 0, space 0, times 0 [ 532.104029][T15915] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3744'. [ 532.214217][T15913] CPU: 0 UID: 0 PID: 15913 Comm: syz.0.3743 Tainted: G L syzkaller #0 PREEMPT(full) [ 532.214248][T15913] Tainted: [L]=SOFTLOCKUP [ 532.214255][T15913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 532.214265][T15913] Call Trace: [ 532.214272][T15913] [ 532.214280][T15913] dump_stack_lvl+0x100/0x190 [ 532.214316][T15913] should_fail_ex.cold+0x5/0xa [ 532.214340][T15913] should_failslab+0xc2/0x120 [ 532.214363][T15913] __kmalloc_cache_noprof+0x7a/0x6f0 [ 532.214389][T15913] ? wakeup_source_device_create+0x46/0x2e0 [ 532.214465][T15913] wakeup_source_device_create+0x46/0x2e0 [ 532.214492][T15913] wakeup_source_sysfs_add+0x1c/0x90 [ 532.214515][T15913] wakeup_source_register+0x154/0x3e0 [ 532.214535][T15913] ep_create_wakeup_source+0x1df/0x2e0 [ 532.214557][T15913] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 532.214579][T15913] ? do_epoll_ctl+0x1012/0x36a0 [ 532.214599][T15913] ? do_epoll_ctl+0x1012/0x36a0 [ 532.214624][T15913] do_epoll_ctl+0x1eee/0x36a0 [ 532.214652][T15913] ? __pfx_do_epoll_ctl+0x10/0x10 [ 532.214677][T15913] ? find_held_lock+0x2b/0x80 [ 532.214698][T15913] ? __might_fault+0xc5/0x140 [ 532.214724][T15913] ? __might_fault+0xc5/0x140 [ 532.214758][T15913] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 532.214777][T15913] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 532.214798][T15913] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 532.214825][T15913] do_syscall_64+0x106/0xf80 [ 532.214855][T15913] ? clear_bhb_loop+0x40/0x90 [ 532.214878][T15913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.214897][T15913] RIP: 0033:0x7f6f72f9c799 [ 532.214913][T15913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 532.214931][T15913] RSP: 002b:00007f6f73da9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 532.214949][T15913] RAX: ffffffffffffffda RBX: 00007f6f73215fa0 RCX: 00007f6f72f9c799 [ 532.214961][T15913] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 532.214972][T15913] RBP: 00007f6f73032c99 R08: 0000000000000000 R09: 0000000000000000 [ 532.214983][T15913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.214994][T15913] R13: 00007f6f73216038 R14: 00007f6f73215fa0 R15: 00007ffef0cf7778 [ 532.215017][T15913] [ 533.383325][T15929] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3749'. [ 534.100013][T15936] Process accounting resumed [ 534.862285][T15956] UHID_CREATE from different security context by process 2283 (syz.1.3761), this is not allowed. [ 535.246213][T15968] FAULT_INJECTION: forcing a failure. [ 535.246213][T15968] name failslab, interval 1, probability 0, space 0, times 0 [ 535.277455][T15968] CPU: 0 UID: 0 PID: 15968 Comm: syz.3.3765 Tainted: G L syzkaller #0 PREEMPT(full) [ 535.277487][T15968] Tainted: [L]=SOFTLOCKUP [ 535.277494][T15968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 535.277505][T15968] Call Trace: [ 535.277512][T15968] [ 535.277519][T15968] dump_stack_lvl+0x100/0x190 [ 535.277552][T15968] should_fail_ex.cold+0x5/0xa [ 535.277575][T15968] should_failslab+0xc2/0x120 [ 535.277597][T15968] __kmalloc_cache_noprof+0x7a/0x6f0 [ 535.277621][T15968] ? alloc_tty_struct+0x96/0x8c0 [ 535.277652][T15968] ? ptmx_open+0x102/0x3c0 [ 535.277678][T15968] alloc_tty_struct+0x96/0x8c0 [ 535.277707][T15968] ? __mutex_unlock_slowpath+0x15c/0x790 [ 535.277737][T15968] ? __pfx_alloc_tty_struct+0x10/0x10 [ 535.277767][T15968] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 535.277802][T15968] tty_init_dev.part.0+0x20/0x470 [ 535.277833][T15968] tty_init_dev+0x60/0x80 [ 535.277850][T15968] ptmx_open+0x15e/0x3c0 [ 535.277873][T15968] ? __pfx_ptmx_open+0x10/0x10 [ 535.277895][T15968] chrdev_open+0x234/0x6a0 [ 535.277915][T15968] ? __pfx_apparmor_file_open+0x10/0x10 [ 535.277936][T15968] ? __pfx_chrdev_open+0x10/0x10 [ 535.277956][T15968] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 535.277982][T15968] do_dentry_open+0x6d8/0x1660 [ 535.278000][T15968] ? __pfx_chrdev_open+0x10/0x10 [ 535.278025][T15968] vfs_open+0x82/0x3f0 [ 535.278052][T15968] path_openat+0x208c/0x31a0 [ 535.278079][T15968] ? __pfx_path_openat+0x10/0x10 [ 535.278107][T15968] do_file_open+0x20e/0x430 [ 535.278136][T15968] ? __pfx_do_file_open+0x10/0x10 [ 535.278172][T15968] ? alloc_fd+0x476/0x790 [ 535.278193][T15968] ? do_getname+0x191/0x390 [ 535.278219][T15968] do_sys_openat2+0x10d/0x1e0 [ 535.278243][T15968] ? __pfx_do_sys_openat2+0x10/0x10 [ 535.278270][T15968] ? __fget_files+0x21f/0x3d0 [ 535.278293][T15968] __x64_sys_openat+0x12d/0x210 [ 535.278320][T15968] ? __pfx___x64_sys_openat+0x10/0x10 [ 535.278355][T15968] do_syscall_64+0x106/0xf80 [ 535.278382][T15968] ? clear_bhb_loop+0x40/0x90 [ 535.278404][T15968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.278427][T15968] RIP: 0033:0x7f5a0b39c799 [ 535.278442][T15968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 535.278460][T15968] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 535.278478][T15968] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 535.278489][T15968] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 535.278500][T15968] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 535.278511][T15968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 535.278521][T15968] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 535.278545][T15968] [ 536.178177][T15973] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3767'. [ 536.890540][ T29] audit: type=1804 audit(4294967376.940:20): pid=15993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3775" name="/newroot/529/file0" dev="tmpfs" ino=2708 res=1 errno=0 [ 536.978406][T15997] FAULT_INJECTION: forcing a failure. [ 536.978406][T15997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.998775][ T29] audit: type=1804 audit(4294967377.050:21): pid=15998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3775" name="/newroot/529/file0" dev="tmpfs" ino=2708 res=1 errno=0 [ 537.020252][T15997] CPU: 0 UID: 0 PID: 15997 Comm: syz.1.3777 Tainted: G L syzkaller #0 PREEMPT(full) [ 537.020283][T15997] Tainted: [L]=SOFTLOCKUP [ 537.020290][T15997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 537.020301][T15997] Call Trace: [ 537.020307][T15997] [ 537.020314][T15997] dump_stack_lvl+0x100/0x190 [ 537.020347][T15997] should_fail_ex.cold+0x5/0xa [ 537.020370][T15997] _copy_to_iter+0x5a4/0x1720 [ 537.020396][T15997] ? igmp_mc_seq_stop+0xab/0x150 [ 537.020505][T15997] ? __pfx__copy_to_iter+0x10/0x10 [ 537.020528][T15997] ? traverse.part.0.constprop.0+0x2c5/0x650 [ 537.020567][T15997] seq_read_iter+0x691/0x1270 [ 537.020599][T15997] ? aa_file_perm+0x7f3/0x14d0 [ 537.020632][T15997] seq_read+0x33b/0x4c0 [ 537.020661][T15997] ? __pfx_seq_read+0x10/0x10 [ 537.020705][T15997] ? __pfx_seq_read+0x10/0x10 [ 537.020733][T15997] proc_reg_read+0x240/0x330 [ 537.020763][T15997] ? __pfx_proc_reg_read+0x10/0x10 [ 537.020792][T15997] vfs_read+0x1e4/0xb30 [ 537.020812][T15997] ? __pfx_vfs_read+0x10/0x10 [ 537.020828][T15997] ? find_held_lock+0x2b/0x80 [ 537.020846][T15997] ? __fget_files+0x215/0x3d0 [ 537.020862][T15997] ? __fget_files+0x215/0x3d0 [ 537.020884][T15997] ? __fget_files+0x21f/0x3d0 [ 537.020908][T15997] __x64_sys_pread64+0x1eb/0x250 [ 537.020928][T15997] ? __pfx___x64_sys_pread64+0x10/0x10 [ 537.020954][T15997] do_syscall_64+0x106/0xf80 [ 537.020982][T15997] ? clear_bhb_loop+0x40/0x90 [ 537.021005][T15997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.021023][T15997] RIP: 0033:0x7f304af9c799 [ 537.021039][T15997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 537.021057][T15997] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 537.021075][T15997] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 537.021087][T15997] RDX: 0000000001000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 537.021097][T15997] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 537.021109][T15997] R10: 0000000000000586 R11: 0000000000000246 R12: 0000000000000000 [ 537.021119][T15997] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 537.021151][T15997] [ 537.449411][T16005] netlink: 'syz.0.3778': attribute type 27 has an invalid length. [ 537.457324][T16005] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3778'. [ 537.697741][T16016] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3784'. [ 538.388159][T16036] vcan0: tx drop: invalid da for name 0x000000000000003f [ 538.546698][T16042] binder: 16040:16042 unknown command 1943706016 [ 538.571227][T16042] binder: 16040:16042 ioctl c0306201 0 returned -22 [ 538.992804][T16055] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3799'. [ 539.109485][T16058] FAULT_INJECTION: forcing a failure. [ 539.109485][T16058] name failslab, interval 1, probability 0, space 0, times 0 [ 539.200358][T16058] CPU: 0 UID: 0 PID: 16058 Comm: syz.0.3800 Tainted: G L syzkaller #0 PREEMPT(full) [ 539.200389][T16058] Tainted: [L]=SOFTLOCKUP [ 539.200395][T16058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 539.200406][T16058] Call Trace: [ 539.200412][T16058] [ 539.200420][T16058] dump_stack_lvl+0x100/0x190 [ 539.200454][T16058] should_fail_ex.cold+0x5/0xa [ 539.200476][T16058] should_failslab+0xc2/0x120 [ 539.200499][T16058] __kmalloc_cache_noprof+0x7a/0x6f0 [ 539.200523][T16058] ? vim2m_open+0xad/0x830 [ 539.200616][T16058] vim2m_open+0xad/0x830 [ 539.200644][T16058] v4l2_open+0x1d2/0x490 [ 539.200666][T16058] ? __pfx_v4l2_open+0x10/0x10 [ 539.200684][T16058] chrdev_open+0x234/0x6a0 [ 539.200704][T16058] ? __pfx_apparmor_file_open+0x10/0x10 [ 539.200725][T16058] ? __pfx_chrdev_open+0x10/0x10 [ 539.200747][T16058] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 539.200773][T16058] do_dentry_open+0x6d8/0x1660 [ 539.200792][T16058] ? __pfx_chrdev_open+0x10/0x10 [ 539.200817][T16058] vfs_open+0x82/0x3f0 [ 539.200844][T16058] path_openat+0x208c/0x31a0 [ 539.200870][T16058] ? __pfx_path_openat+0x10/0x10 [ 539.200899][T16058] do_file_open+0x20e/0x430 [ 539.200924][T16058] ? __pfx_do_file_open+0x10/0x10 [ 539.200961][T16058] ? alloc_fd+0x476/0x790 [ 539.200982][T16058] ? do_getname+0x191/0x390 [ 539.201007][T16058] do_sys_openat2+0x10d/0x1e0 [ 539.201033][T16058] ? __pfx_do_sys_openat2+0x10/0x10 [ 539.201074][T16058] __x64_sys_openat+0x12d/0x210 [ 539.201099][T16058] ? __pfx___x64_sys_openat+0x10/0x10 [ 539.201134][T16058] do_syscall_64+0x106/0xf80 [ 539.201161][T16058] ? clear_bhb_loop+0x40/0x90 [ 539.201183][T16058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.201202][T16058] RIP: 0033:0x7f6f72f9c799 [ 539.201218][T16058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 539.201234][T16058] RSP: 002b:00007f6f73da9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 539.201252][T16058] RAX: ffffffffffffffda RBX: 00007f6f73215fa0 RCX: 00007f6f72f9c799 [ 539.201267][T16058] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 539.201279][T16058] RBP: 00007f6f73032c99 R08: 0000000000000000 R09: 0000000000000000 [ 539.201289][T16058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 539.201299][T16058] R13: 00007f6f73216038 R14: 00007f6f73215fa0 R15: 00007ffef0cf7778 [ 539.201323][T16058] [ 545.506253][T16164] futex_wake_op: syz.3.3842 tries to shift op by -2048; fix this program [ 545.542732][T16164] 0x000000000001-0x000000020000 : "" [ 545.578337][T16164] ftl_cs: FTL header corrupt! [ 545.793400][T16168] ERROR: Out of memory at tomoyo_memory_ok. [ 546.240316][T16179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3845'. [ 546.329031][T16182] netlink: 'syz.1.3855': attribute type 27 has an invalid length. [ 546.351827][T16182] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3855'. [ 546.363450][T16181] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3845'. [ 550.906193][T16287] : renamed from team0 (while UP) [ 551.427271][T16301] FAULT_INJECTION: forcing a failure. [ 551.427271][T16301] name failslab, interval 1, probability 0, space 0, times 0 [ 551.517806][T16301] CPU: 0 UID: 0 PID: 16301 Comm: syz.1.3886 Tainted: G L syzkaller #0 PREEMPT(full) [ 551.517838][T16301] Tainted: [L]=SOFTLOCKUP [ 551.517845][T16301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 551.517855][T16301] Call Trace: [ 551.517861][T16301] [ 551.517868][T16301] dump_stack_lvl+0x100/0x190 [ 551.517907][T16301] should_fail_ex.cold+0x5/0xa [ 551.517930][T16301] should_failslab+0xc2/0x120 [ 551.517951][T16301] __kvmalloc_node_noprof+0xfa/0xa00 [ 551.517979][T16301] ? v4l2_ctrl_handler_init_class+0x201/0x350 [ 551.518079][T16301] ? lockdep_init_map_type+0x5c/0x250 [ 551.518110][T16301] v4l2_ctrl_handler_init_class+0x201/0x350 [ 551.518140][T16301] ? mutex_init_lockep+0x110/0x150 [ 551.518167][T16301] vim2m_open+0x11c/0x830 [ 551.518197][T16301] v4l2_open+0x1d2/0x490 [ 551.518216][T16301] ? __pfx_v4l2_open+0x10/0x10 [ 551.518233][T16301] chrdev_open+0x234/0x6a0 [ 551.518252][T16301] ? __pfx_apparmor_file_open+0x10/0x10 [ 551.518272][T16301] ? __pfx_chrdev_open+0x10/0x10 [ 551.518293][T16301] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 551.518318][T16301] do_dentry_open+0x6d8/0x1660 [ 551.518337][T16301] ? __pfx_chrdev_open+0x10/0x10 [ 551.518362][T16301] vfs_open+0x82/0x3f0 [ 551.518390][T16301] path_openat+0x208c/0x31a0 [ 551.518418][T16301] ? __pfx_path_openat+0x10/0x10 [ 551.518447][T16301] do_file_open+0x20e/0x430 [ 551.518469][T16301] ? __pfx_do_file_open+0x10/0x10 [ 551.518507][T16301] ? alloc_fd+0x476/0x790 [ 551.518529][T16301] ? do_getname+0x191/0x390 [ 551.518554][T16301] do_sys_openat2+0x10d/0x1e0 [ 551.518579][T16301] ? __pfx_do_sys_openat2+0x10/0x10 [ 551.518613][T16301] __x64_sys_openat+0x12d/0x210 [ 551.518639][T16301] ? __pfx___x64_sys_openat+0x10/0x10 [ 551.518674][T16301] do_syscall_64+0x106/0xf80 [ 551.518701][T16301] ? clear_bhb_loop+0x40/0x90 [ 551.518724][T16301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.518742][T16301] RIP: 0033:0x7f304af9c799 [ 551.518759][T16301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 551.518776][T16301] RSP: 002b:00007f304becc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 551.518795][T16301] RAX: ffffffffffffffda RBX: 00007f304b215fa0 RCX: 00007f304af9c799 [ 551.518807][T16301] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 551.518819][T16301] RBP: 00007f304b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 551.518830][T16301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 551.518841][T16301] R13: 00007f304b216038 R14: 00007f304b215fa0 R15: 00007ffde905ccd8 [ 551.518865][T16301] [ 553.616162][T16347] futex_wake_op: syz.3.3905 tries to shift op by -2048; fix this program [ 553.677601][T16347] 0x000000000001-0x000000020000 : "" [ 553.722423][T16347] ftl_cs: FTL header corrupt! [ 553.960234][T16351] ERROR: Out of memory at tomoyo_memory_ok. [ 554.712285][T16376] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3914'. [ 556.036241][T16399] tc_dump_action: action bad kind [ 556.290122][T16406] netlink: 322 bytes leftover after parsing attributes in process `syz.2.3924'. [ 557.102322][T16431] netlink: 110 bytes leftover after parsing attributes in process `syz.2.3932'. [ 557.789242][T16441] ================================================================== [ 557.789281][T16441] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 557.789362][T16441] Read of size 26 at addr ffff888034cbb6e2 by task syz.3.3934/16441 [ 557.789383][T16441] [ 557.789395][T16441] CPU: 0 UID: 0 PID: 16441 Comm: syz.3.3934 Tainted: G L syzkaller #0 PREEMPT(full) [ 557.789421][T16441] Tainted: [L]=SOFTLOCKUP [ 557.789429][T16441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 557.789440][T16441] Call Trace: [ 557.789446][T16441] [ 557.789454][T16441] dump_stack_lvl+0x100/0x190 [ 557.789481][T16441] print_report+0x156/0x4c9 [ 557.789506][T16441] ? __virt_addr_valid+0x81/0x620 [ 557.789531][T16441] ? __phys_addr+0xe8/0x180 [ 557.789554][T16441] ? fbcon_prepare_logo+0x94e/0xc60 [ 557.789574][T16441] kasan_report+0xdf/0x1e0 [ 557.789593][T16441] ? fbcon_prepare_logo+0x94e/0xc60 [ 557.789616][T16441] kasan_check_range+0x10f/0x1e0 [ 557.789639][T16441] __asan_memcpy+0x23/0x60 [ 557.789666][T16441] fbcon_prepare_logo+0x94e/0xc60 [ 557.789690][T16441] fbcon_init+0x10a0/0x1820 [ 557.789711][T16441] visual_init+0x320/0x620 [ 557.789803][T16441] do_bind_con_driver.isra.0+0x636/0x9c0 [ 557.789831][T16441] store_bind+0x609/0x730 [ 557.789865][T16441] ? __pfx_store_bind+0x10/0x10 [ 557.789889][T16441] dev_attr_store+0x58/0x80 [ 557.789930][T16441] ? __pfx_dev_attr_store+0x10/0x10 [ 557.789951][T16441] sysfs_kf_write+0xf2/0x150 [ 557.789975][T16441] kernfs_fop_write_iter+0x3e0/0x5f0 [ 557.789994][T16441] ? __pfx_sysfs_kf_write+0x10/0x10 [ 557.790017][T16441] vfs_write+0x6ac/0x1070 [ 557.790035][T16441] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 557.790056][T16441] ? __pfx_vfs_write+0x10/0x10 [ 557.790079][T16441] ksys_write+0x12a/0x250 [ 557.790095][T16441] ? __pfx_ksys_write+0x10/0x10 [ 557.790115][T16441] do_syscall_64+0x106/0xf80 [ 557.790142][T16441] ? clear_bhb_loop+0x40/0x90 [ 557.790163][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.790181][T16441] RIP: 0033:0x7f5a0b39c799 [ 557.790196][T16441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.790213][T16441] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 557.790232][T16441] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 557.790244][T16441] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 557.790255][T16441] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 557.790266][T16441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.790277][T16441] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 557.790294][T16441] [ 557.790300][T16441] [ 557.790305][T16441] Allocated by task 16437: [ 557.790334][T16441] kasan_save_stack+0x30/0x50 [ 557.790363][T16441] kasan_save_track+0x14/0x30 [ 557.790378][T16441] __kasan_kmalloc+0xaa/0xb0 [ 557.790403][T16441] vmci_host_open+0x43/0x100 [ 557.790439][T16441] misc_open+0x26d/0x450 [ 557.790458][T16441] chrdev_open+0x234/0x6a0 [ 557.790476][T16441] do_dentry_open+0x6d8/0x1660 [ 557.790493][T16441] vfs_open+0x82/0x3f0 [ 557.790514][T16441] path_openat+0x208c/0x31a0 [ 557.790531][T16441] do_file_open+0x20e/0x430 [ 557.790548][T16441] do_sys_openat2+0x10d/0x1e0 [ 557.790571][T16441] __x64_sys_openat+0x12d/0x210 [ 557.790594][T16441] do_syscall_64+0x106/0xf80 [ 557.790620][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.790637][T16441] [ 557.790641][T16441] Freed by task 16436: [ 557.790650][T16441] kasan_save_stack+0x30/0x50 [ 557.790677][T16441] kasan_save_track+0x14/0x30 [ 557.790691][T16441] kasan_save_free_info+0x3b/0x70 [ 557.790714][T16441] __kasan_slab_free+0x5f/0x80 [ 557.790729][T16441] kfree+0x1f6/0x6b0 [ 557.790750][T16441] vmci_host_close+0xba/0x1a0 [ 557.790765][T16441] __fput+0x3ff/0xb40 [ 557.790784][T16441] task_work_run+0x150/0x240 [ 557.790809][T16441] exit_to_user_mode_loop+0x100/0x4a0 [ 557.790832][T16441] do_syscall_64+0x668/0xf80 [ 557.790864][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.790881][T16441] [ 557.790885][T16441] The buggy address belongs to the object at ffff888034cbb600 [ 557.790885][T16441] which belongs to the cache kmalloc-192 of size 192 [ 557.790899][T16441] The buggy address is located 34 bytes to the right of [ 557.790899][T16441] allocated 192-byte region [ffff888034cbb600, ffff888034cbb6c0) [ 557.790916][T16441] [ 557.790921][T16441] The buggy address belongs to the physical page: [ 557.790930][T16441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34cbb [ 557.790952][T16441] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 557.790967][T16441] page_type: f5(slab) [ 557.790982][T16441] raw: 00fff00000000000 ffff88813fe393c0 dead000000000100 dead000000000122 [ 557.791003][T16441] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 557.791013][T16441] page dumped because: kasan: bad access detected [ 557.791044][T16441] page_owner tracks the page as allocated [ 557.791051][T16441] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9593, tgid 9593 (syz-executor), ts 236241312685, free_ts 236230183380 [ 557.791083][T16441] post_alloc_hook+0x153/0x170 [ 557.791107][T16441] get_page_from_freelist+0x111d/0x3140 [ 557.791132][T16441] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 557.791159][T16441] new_slab+0xa6/0x6b0 [ 557.791180][T16441] refill_objects+0x26b/0x400 [ 557.791204][T16441] __pcs_replace_empty_main+0x1ab/0x660 [ 557.791232][T16441] __kmalloc_cache_noprof+0x493/0x6f0 [ 557.791254][T16441] netdevice_event+0x308/0x9a0 [ 557.791311][T16441] notifier_call_chain+0x99/0x420 [ 557.791333][T16441] call_netdevice_notifiers_info+0xbe/0x110 [ 557.791355][T16441] __netdev_upper_dev_link+0x43c/0x7e0 [ 557.791373][T16441] netdev_master_upper_dev_link+0x9f/0xd0 [ 557.791391][T16441] br_add_if+0x9fd/0x1b40 [ 557.791440][T16441] do_set_master+0x40f/0x730 [ 557.791467][T16441] do_setlink.isra.0+0xb2b/0x3e50 [ 557.791492][T16441] rtnl_newlink+0x11bd/0x2380 [ 557.791516][T16441] page last free pid 9701 tgid 9701 stack trace: [ 557.791526][T16441] __free_frozen_pages+0x7e1/0x10d0 [ 557.791547][T16441] tlb_finish_mmu+0x27d/0x810 [ 557.791568][T16441] exit_mmap+0x454/0xa30 [ 557.791586][T16441] __mmput+0x12a/0x410 [ 557.791602][T16441] mmput+0x67/0x80 [ 557.791619][T16441] do_exit+0x819/0x2b60 [ 557.791639][T16441] do_group_exit+0xd5/0x2a0 [ 557.791662][T16441] __x64_sys_exit_group+0x3e/0x50 [ 557.791685][T16441] x64_sys_call+0x102c/0x1530 [ 557.791703][T16441] do_syscall_64+0x106/0xf80 [ 557.791728][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.791745][T16441] [ 557.791749][T16441] Memory state around the buggy address: [ 557.791758][T16441] ffff888034cbb580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 557.791770][T16441] ffff888034cbb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 557.791785][T16441] >ffff888034cbb680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 557.791797][T16441] ^ [ 557.791807][T16441] ffff888034cbb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 557.791819][T16441] ffff888034cbb780: 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc [ 557.791829][T16441] ================================================================== [ 557.791867][T16441] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 557.791882][T16441] CPU: 0 UID: 0 PID: 16441 Comm: syz.3.3934 Tainted: G L syzkaller #0 PREEMPT(full) [ 557.791908][T16441] Tainted: [L]=SOFTLOCKUP [ 557.791915][T16441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 557.791926][T16441] Call Trace: [ 557.791933][T16441] [ 557.791940][T16441] dump_stack_lvl+0x100/0x190 [ 557.791967][T16441] vpanic+0x552/0x970 [ 557.791984][T16441] ? __pfx_vpanic+0x10/0x10 [ 557.792001][T16441] ? __pfx_vprintk_emit+0x10/0x10 [ 557.792021][T16441] ? fbcon_prepare_logo+0x94e/0xc60 [ 557.792041][T16441] panic+0xd1/0xe0 [ 557.792056][T16441] ? __pfx_panic+0x10/0x10 [ 557.792075][T16441] ? fbcon_prepare_logo+0x94e/0xc60 [ 557.792097][T16441] check_panic_on_warn.cold+0x19/0x34 [ 557.792116][T16441] end_report.part.0+0x3a/0x90 [ 557.792141][T16441] kasan_report.cold+0xe/0x18 [ 557.792166][T16441] ? fbcon_prepare_logo+0x94e/0xc60 [ 557.792189][T16441] kasan_check_range+0x10f/0x1e0 [ 557.792213][T16441] __asan_memcpy+0x23/0x60 [ 557.792239][T16441] fbcon_prepare_logo+0x94e/0xc60 [ 557.792262][T16441] fbcon_init+0x10a0/0x1820 [ 557.792284][T16441] visual_init+0x320/0x620 [ 557.792306][T16441] do_bind_con_driver.isra.0+0x636/0x9c0 [ 557.792335][T16441] store_bind+0x609/0x730 [ 557.792361][T16441] ? __pfx_store_bind+0x10/0x10 [ 557.792384][T16441] dev_attr_store+0x58/0x80 [ 557.792406][T16441] ? __pfx_dev_attr_store+0x10/0x10 [ 557.792427][T16441] sysfs_kf_write+0xf2/0x150 [ 557.792450][T16441] kernfs_fop_write_iter+0x3e0/0x5f0 [ 557.792469][T16441] ? __pfx_sysfs_kf_write+0x10/0x10 [ 557.792493][T16441] vfs_write+0x6ac/0x1070 [ 557.792509][T16441] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 557.792530][T16441] ? __pfx_vfs_write+0x10/0x10 [ 557.792553][T16441] ksys_write+0x12a/0x250 [ 557.792570][T16441] ? __pfx_ksys_write+0x10/0x10 [ 557.792589][T16441] do_syscall_64+0x106/0xf80 [ 557.792616][T16441] ? clear_bhb_loop+0x40/0x90 [ 557.792636][T16441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.792654][T16441] RIP: 0033:0x7f5a0b39c799 [ 557.792668][T16441] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 557.792685][T16441] RSP: 002b:00007f5a0c259028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 557.792703][T16441] RAX: ffffffffffffffda RBX: 00007f5a0b615fa0 RCX: 00007f5a0b39c799 [ 557.792715][T16441] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 557.792726][T16441] RBP: 00007f5a0b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 557.792737][T16441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 557.792747][T16441] R13: 00007f5a0b616038 R14: 00007f5a0b615fa0 R15: 00007ffdd3d9fe28 [ 557.792764][T16441] [ 557.792837][T16441] Kernel Offset: disabled